Buzz
If you receive a message from someone pretending to be your bank, don’t click on the provided link. A recent mobile phishing scheme is targeting people in the US and Canada, impersonating banks. Clicking on the link will lead to a website that may resemble your bank’s official page, but it’s actually designed to steal your login details.
In general, never click on a link that claims to be from your bank, email provider, or any service where you store sensitive or financial information. If you suspect a message might be legitimate, type the website's URL directly into your browser or, in the case of banking, use the bank’s official mobile app.
This phishing attack was uncovered by security experts at Lookout, a mobile security firm, as reported by ZDNet. The company discovered that at least 4,000 unique IP addresses had visited the fraudulent websites, indicating that around 4,000 individuals had received these deceptive messages, clicked on the links, and possibly exposed their login information in the process.
The links people clicked were embedded in a text claiming that the bank had detected suspicious activity on their account, urging them to follow the link to verify the authenticity of the activity. Even those who are wary of scams might have found the message convincing enough to click.
In addition to stealing account information, some versions of this scam also prompted users to answer “security” questions to supposedly verify their identity, often asking for sensitive details like the account number or card’s expiration date.
Lookout has already informed the banks targeted by this scam, and all the phishing websites have been taken down. However, this serves as a crucial reminder never to click on such links. Whenever you receive texts, emails, or calls claiming to be from your bank, it's safer to contact your bank directly instead of clicking on links or sharing personal information over a call you didn’t initiate.
