Banking SMS Scam to Bypass Second Factor

Barclays has noticed your debit card wasrecently used on 31-05-2017 11:40:43, at APPLE ONLINE STORE for 1749.00GBP. If not you please urgently call fraud prevention on 03301170103 orIntl +443301170103  . Do not reply by SMS.

I personally received this TXT message today from Barclays. It came from the usual Barclays number and caller ID from which I normally receive messages from them. I didn’t make the purchase so I rang the number to find out what was going on.

Notice anything wrong yet?

Before I even rang the number I was suspicious of the message itself. When you call the number in the txt they very cleverly and professionally try to get details from you including getting you to read out a Barclays second factor PINsentry one time pin. So they can hack your account. They had spoofed the caller ID to look like the TXT was from Barclays. On the other end was a well spoken English woman with the sounds of a call center in the background. All very convincing. So many people will get caught by this.

Lesson here is. Don’t trust caller IDs! They do not verify the sender/caller.  They can be faked and spoofed to look like anyone. Call back your bank on a number you know you can trust. Like the one listed on their website. In the case of Barclays you can call them directly through their mobile app. Do that.

Don’t get caught out with this or other scams like this where the caller ID is spoofed.

CATEGORIES
  • Keith Clay says:

    Nathan, thanks for bringing this to my attention. I received a TXT yesterday from my bank asking me to verify transactions that I had made. It seemed legitimate, the usual TXT id, but I had never had that happen before. After reading your post I was concerned, however, that maybe I had given away information–I was not asked to call anyone just verify the activity by texting back OKAY. I did call the bank this morning to ask if this was now standard practice, and they confirmed that it is. The unfortunate thing is that now, in the interest of providing additional security and to verify activity, another door has been opened for the criminal element to spoof real bank messaging and gain access to your account. I think the real lesson here is to remain diligent in our efforts to keep our information safe, and to keep ourselves informed and educated on the latest scams — old and new alike as these things seem to cycle. Thanks for all your efforts in keeping us informed.

  • Jim says:

    Good post Nathan. Upon my initial reading of the “alert”, something else caught my eye.

    The grammar had errors. Specifically: “If not you please urgently call”.

    My immediate reaction was that this was not written by a professional institution.

    Boston Jim

  • lindsey t thomson says:

    great timely info, many thx for all yaa

  • Roger says:

    Good advice event when everything seems perfectly in order.
    The text of this message contained a type of grammatical mistake typically found in these scams…. “If not you please call…”

  • Carlos says:

    Thank you Nathan for your great warnings and advises!

  • Charles Smyth says:

    Are the police making use of these contact details to track these guys down, and close them down?

    • Nathan House says:

      Yes.

      • Neil says:

        I would assume:

        All investigations will lead to India or other fraudulent destinations.

        Sign up’s to VoIP providers will be via VPN’s masking their true location.

        Any payments used to pay for service will be used with stolen credit cards details available on the dark web.

        That’s where the trial ends.

  • Gerry says:

    My wife had received a sms with similar content. And we are in Canada.

    “Dear RBC customer, we’ve detected unauthorized access to your RBC account. Please follow the link below to verify your security questions;www.rbc-royalbank-security.com/”

  • Kevin says:

    Hi Nathan.

    You are 100% correct about caller ID being easy to spoof or fake. I work at a company where I maintain a modern Unify (previously Siemens) high end telephone exchange. In the configuration for each extension you have an option called CLIP, (Calling Line Identity Presentation). This enables me to have our exchange attach any caller ID to an outbound call for any extension on our exchange. It’s simply a matter of opening up the user interface and adding the CLIP number. If you were a hacker and so inclined there are lesser exchanges with the same capability for sale on ebay for as little as £100 and compatible handsets start at £15.

  • zak says:

    got a similar sms but from facebook. i live in Algeria.

  • Raul Souza says:

    Or just access your internet banking and see if the debit is there.

  • >