New Smishing Scam Targets Online Banking Users Through Text Messages and Social Media

A new smishing scam has emerged, targeting online banking users through text messages, WhatsApp, and social media to steal confidential information and access bank accounts. This scam, which utilizes various digital platforms, has raised concerns among cybersecurity experts and financial institutions.

The scam typically begins with a message from a suspicious number, claiming that the recipient's financial account has been added with a password and a substantial balance in USDT (Tether), a cryptocurrency pegged to the US dollar. The message includes a link to a fake trading platform, prompting victims to log in using the provided credentials.

Pieter Arntz, who investigated the scam, found that the fake platform's wallet belonged to a user with VIP5 access, containing a large amount of USDT tokens. The platform required a VIP1 level account to transfer funds, which costs a non-refundable deposit of 50 USDT. This setup relies on the victim's willingness to invest a small amount to access the promised wealth.

Why this matters: This smishing scam has significant implications for online banking security and user privacy, as it can lead to financial losses and identity theft. If left unchecked, it could compromise the trust of online banking users and have far-reaching consequences for the financial industry.

The Federal Trade Commission (FTC) has also issued warnings about smishing scams, noting that scammers often send innocent-sounding messages, such as 'hi, how are you?', to initiate conversations and gain trust. Once trust is established, scammers offer investment advice on cryptocurrency or promise to teach victims how to make significant money in crypto markets, with the goal of stealing their money.

In another instance, Arvest Bank warned its customers about a text scam claiming that online access was limited following an unusual transaction. The message asked recipients to click a link to remove the restriction, using fear tactics to obtain sensitive information. Sammetra Christmon, EVP Sales Manager at Arvest Central Oklahoma, emphasized that Arvest would never ask for sensitive information through unsolicited contact.

Cybersecurity firm Cyble discovered a new malware, Antidot, targeting Android phones to access banking information and other sensitive details. This malware masquerades as a Google Play update application, displaying fake update pages in multiple languages to capture sensitive information. Once installed, Antidot can collect contacts, text messages, credentials, and even lock and grant access to the device.

To protect against these scams, experts advise ignoring suspicious messages, not clicking on unknown links, and never sharing verification codes or personal information. Additionally, users should enable two-step verification, use strong antivirus software, and download apps only from trusted sources like the Google Play Store.

The rise in smishing scams highlights the need for increased vigilance and awareness among online banking users. By taking proactive measures and staying informed, individuals can better protect themselves from falling victim to these sophisticated fraud schemes.

Key Takeaways

• New smishing scam targets online banking users through texts, WhatsApp, and social media.
• Scammers claim account has been added with USDT cryptocurrency and prompt victims to log in.
• Scam aims to steal confidential info and access bank accounts, leading to financial losses and ID theft.
• Experts advise ignoring suspicious messages, not clicking unknown links, and enabling two-step verification.
• Vigilance and awareness are crucial to protect against sophisticated fraud schemes.