At AdaptiveMobile we've seen a notable rise in the number of large-scale bank SMShing attacks across the US. Cyber-thieves have stepped up their efforts in an operation to steal bank and credit card account information from unsuspecting victims nationwide. The methods in the scams vary, but each has the same end goal: getting the user to give up banking details by phone or web. US users who respond to the phone or web-visit prompts find that funds are withdrawn from their bank accounts.

 

How they do it

These cybercriminals are running a sophisticated operation and carefully choose which institution to impersonate based on geographic location and demographics. They send a text saying that your bank card has been deactivated and ask you to contact them immediately for reinstatement.

Some examples of the messages used:

STAR ALERT: Your CARD 5109XX has been DEACTlVATED. Please call 765-319-XXXX
Your BankofAmerica debit card has been temporarily blocked - Please call security department : (615)671-XXXX
First American Bank: Your card has been suspended! To reinstate your card go to your personal link http:// uraxxx-c.39xxxx.com
Your debit card has been temporarily blocked - Please call security department : (434)973-XXXX
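A minimal filter for the lure pattern these samples share (a card or account status word plus a phone or web call to action), added here as an illustration and not AdaptiveMobile's own detection code. The keyword lists, the look-alike character folding and the function names are assumptions chosen to fit the four messages above; the fifth sample is constructed.

```python
import re

# Lure vocabulary taken from the sample messages quoted above (assumed lists).
STATUS_WORDS = ("deactivated", "blocked", "suspended")
ASSET_WORDS = ("card", "account")

# US phone number; trailing digits may be masked with X, as in the samples.
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?[\dXx]{4}\b")
# URL, tolerating the space after the scheme seen in one sample.
URL_RE = re.compile(r"(?:https?://\s*|www\.)\S+", re.IGNORECASE)

# Fold look-alike characters together so "DEACTlVATED" equals "deactivated".
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})

def skeleton(text):
    """Lower-case and fold confusable characters (applied to text AND keywords)."""
    return text.lower().translate(CONFUSABLES)

def classify(message):
    """Return a verdict dict for one SMS body (heuristic, illustrative only)."""
    plain, skel = message.lower(), skeleton(message)
    status = [w for w in STATUS_WORDS if skeleton(w) in skel]
    asset = [w for w in ASSET_WORDS if skeleton(w) in skel]
    # A keyword visible only after folding means the sender disguised it.
    obfuscated = any(w not in plain for w in status + asset)
    action = "url" if URL_RE.search(message) else "phone" if PHONE_RE.search(message) else None
    return {
        "suspicious": bool(status and asset and action),
        "status": status,
        "action": action,
        "obfuscated": obfuscated,
    }

# The four sample messages from this page, plus one constructed benign message.
SAMPLES = [
    "STAR ALERT: Your CARD 5109XX has been DEACTlVATED. Please call 765-319-XXXX",
    "Your BankofAmerica debit card has been temporarily blocked - Please call security department : (615)671-XXXX",
    "First American Bank: Your card has been suspended! To reinstate your card go to your personal link http:// uraxxx-c.39xxxx.com",
    "Your debit card has been temporarily blocked - Please call security department : (434)973-XXXX",
    "Your statement for April is ready to view in online banking.",  # constructed
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(classify(sms), "<-", sms[:40])
```

The first sample is matched only after folding, because the sender wrote a lowercase "l" in place of the "I" in DEACTIVATED, which is why the keywords are compared on the folded form rather than on the raw text.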

 

 

1. These messages may ask you to visit a website like the one shown below:

The cybercriminals create imitation banking websites that look like those of the legitimate brand, but that ask users to re-enter their debit card number and ATM PIN for 'reinstatement,' as seen in the screenshot above.

 

2. Users may be prompted to call a number to reinstate the card:

Automated answering systems are commonly used by spammers. When a victim calls the number, they are prompted to enter their card information and PIN in order to re-activate the 'blocked account.' To listen to an audio recording of one of the answering systems used click here.

 

These attacks have been on the rise in 2013, and we expect the increase to continue. For example, on 1st April 2013 an exact location in Tennessee was targeted with over 10,000 spam messages in a single attack attributed to a local bank. A flood of complaints was of course inevitable, and in an effort to educate customers, many banks now post warnings on their websites, along with details of how these scams work, how you can avoid them and what action to take.

 

To view an animated map visualization of the banking attacks on AdaptiveMobile’s latest GSIM please click here.