Two scammers stole 7,500 euros from a bank customer with a phone call and an SMS, using two sophisticated techniques: spoofing and smishing
The latest wire fraud against a bank customer comes from Pastrengo, in the province of Verona: 7,500 euros stolen from the account, and two people reported for computer fraud. It was, it must be said, a fairly refined fraud, since it relied on two fairly advanced techniques: phone number spoofing and smishing.
But what exactly happened? The victim received a call on his cell phone that appeared to come from a toll-free number, the one belonging to his bank. On the other end, however, were the scammers, who gave him the false news that his bank account had to be blocked because there had been attempted breaches online. The scammers then convinced him to follow a link they sent him via SMS, which led to a fake bank login page. On this page, the victim entered his online banking login information and followed the fake procedure to block the account. In reality, he simply handed the account access data to the scammers, who were then able to steal about 7,500 euros from him.
Current account scam: number spoofing
The interesting thing about this story is that, a few days after blocking the account (or so he thought), the user called back the toll-free number from which he had received the first call. This time the real customer service employees answered.
The bank's toll-free number, therefore, had been "stolen" with the technique known as "spoofing": using specific software and some GSM codes, fraudsters can place phone calls that simulate a chosen number, which then appears on the screen of the person being called. This is exactly what the two scammers did.
Current account scam: smishing
Spoofing the bank's number was only the first step, needed to "hook" the victim by making the phone call seem credible. The second step was to send the SMS with the link to the fake login page.
This technique is called "smishing", i.e. phishing via SMS. It works like all phishing: the user is invited to follow a link, which leads to a web page where the scam is carried out. Unlike ordinary phishing, which is usually delivered by email, smishing is delivered by SMS text message.
Current account scam: how to defend yourself
It must be admitted that this scam was well thought out: the phone call from the fake number reassured the user, who followed the scammers' instructions by clicking on the link. The landing page was credible and the user really believed he was logging into his online bank's site.
However, as the main Italian banks have explained several times, and as the Carabinieri of the Peschiera del Garda Company, who managed to trace the two perpetrators of the scam after difficult work, have now reiterated, the problem lies at the origin: banks never call customers on the phone to walk them through a guided procedure to block the account.
Even in the case of a real violation of a current account, banks first block the account on their own and then call the customer, inviting him to come to the counter to resolve the problem. So if we receive a phone call from our bank and are then sent an SMS with a link inside, there is no doubt: it is a scam and that link is dangerous.