A bank impersonation attack is one in which scammers contact the victim while pretending to represent the victim's bank. They use a variety of methods either to convince the victim to transfer money to an account the attacker controls, or to steal the victim's banking credentials and one-time codes so the attacker can move the money themselves.
How do Bank Impersonation Attacks Work?
A bank impersonation attack always begins with someone who claims to represent the bank contacting the victim, whether by phone call, phishing email, fake SMS message, or a message over a social media channel.
The attacker often tells the victim that their account has been compromised in some way and that they need to move their money to a "safe" account, which in reality the attacker controls. Another common technique is to ask for the customer's PIN code or one-time passcode (OTP) so that the attacker can access the account and "fix" the problem; the code actually authorizes the attacker's own login or transfer.
Almost all bank impersonation scams rely on urgency and pressure, so that the victim acts before they have time to think it through or to hang up and call the bank back on the number printed on their card.
What are Common Tactics Used in Bank Impersonation Attacks?
Attackers try hard to convince victims that they really do represent the bank. Tactics include:
- Sending an email from a lookalike domain that differs from the genuine bank domain by a character or two, like c1tibank.com (the digit one in place of the letter i) instead of citibank.com, or that places the bank's name in a subdomain of an unrelated domain.
- Creating spoof websites that copy the real bank's layout, logos, and login page. Some of these are very convincing.
- Spoofing caller ID so that the call appears to come from the bank's published phone number.
- Running a phishing campaign first to harvest personal information such as the victim's name, date of birth, and address, then quoting those details during the call to make it sound genuine.
- Sending text messages whose sender ID is set to the bank's name or number.
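The c1tibank.com example above is the simplest form of a lookalike domain; accented characters, punycode, and the bank's name tucked into a subdomain are the others a practitioner sees daily. The following is an added example, not code from the original article or from any vendor product, that reduces a domain to a "skeleton" with confusable characters collapsed and then compares it against a constructed list of genuine bank domains. The bank domains, the confusable-character table, and the candidate hostnames are all constructed for illustration; the same check is what the brand-protection monitoring described later on this page automates at scale.

```python
"""Lookalike-domain check for a bank's customer-facing domains.

Added example, not code from the original article. The bank domains, the
candidate hostnames and the confusable-character table are constructed for
illustration; a real deployment would feed it newly registered domains or
the sender domains seen in inbound mail and SMS.
"""
import unicodedata
from difflib import SequenceMatcher

# Characters attackers swap for each other. Assumption: a small hand-picked
# table; production tools use the full Unicode confusables list.
CONFUSABLES = {
    "vv": "w", "rn": "m",            # multi-character pairs first
    "1": "i", "l": "i", "|": "i",    # i, l, 1 and | look alike in many fonts
    "0": "o", "3": "e", "5": "s", "8": "b",
}

LEGIT_DOMAINS = ["citibank.com", "examplebank.com"]   # constructed list


def decode_idna(domain: str) -> str:
    """Turn a punycode domain (xn--...) back into Unicode; pass others through."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain            # already Unicode, nothing to decode


def skeleton(label: str) -> str:
    """Collapse a label to a canonical form that ignores look-alike tricks."""
    # 'cítibank' -> 'citibank': drop the accents left by NFKD decomposition
    label = "".join(ch for ch in unicodedata.normalize("NFKD", label)
                    if not unicodedata.combining(ch))
    # longest substitutions first so 'rn' is handled before single characters
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        label = label.replace(src, dst)
    return label


def classify(candidate: str, legit=LEGIT_DOMAINS, threshold: float = 0.85):
    """Return (verdict, matched_domain, score).

    verdict is 'legit', 'lookalike' or 'unrelated'. score is 1.0 for an
    exact skeleton match or an embedded brand name, otherwise the similarity
    ratio between the candidate's registrable label and the brand label.
    """
    cand = candidate.strip().rstrip(".").lower()
    if cand in legit:
        return "legit", cand, 1.0
    labels = decode_idna(cand).split(".")
    # Assumption: two-label public suffix (bank.com), so label -2 is the brand.
    reg_skel = skeleton(labels[-2] if len(labels) >= 2 else labels[0])
    sub_skels = [skeleton(lab) for lab in labels[:-2]]
    best = ("unrelated", None, 0.0)
    for domain in legit:
        brand = skeleton(domain.split(".")[-2])
        if (reg_skel == brand            # c1tibank.com, cítibank.com
                or brand in reg_skel     # citibank-secure-login.com
                or brand in sub_skels):  # citibank.secure-login.com
            return "lookalike", domain, 1.0
        score = SequenceMatcher(None, reg_skel, brand).ratio()
        if score > best[2]:
            verdict = "lookalike" if score >= threshold else "unrelated"
            best = (verdict, domain, score)
    return best


if __name__ == "__main__":
    for host in ["citibank.com", "c1tibank.com", "cítibank.com",
                 "citibank.secure-login.com", "citibamk.com", "weather.com"]:
        print(f"{host:28} {classify(host)}")
```

The similarity threshold is a tuning knob: 0.85 catches single-character swaps in an eight-letter brand (citibamk.com scores 0.875) while leaving genuinely unrelated names alone, but short brand names need a higher bar or an explicit allow-list to avoid false positives.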
What are the Warning Signs of Bank Impersonation Attacks?
- Urgency and pressure. Attackers create a stressful situation so that victims react without thinking it through. For example, they might say that a fraudulent transaction is in progress and the victim must act immediately to stop it.
- Threatening language. Sometimes attackers threaten legal consequences if the victim doesn't cooperate with their "fraud prevention" work.
- Requests for sensitive information. A genuine bank representative never asks for a customer's PIN, full online banking password, or one-time passcode; a request for any of these is a strong sign of a scam.
- Money transfers. If someone asks the victim to move money to a new account, a digital wallet, or cryptocurrency "to keep it safe," there is good reason to be suspicious, because a bank can freeze or protect an account without the customer moving funds anywhere.
- Unusual requests, such as asking for remote access to the victim's device or online banking session, or asking the victim to help with a "sting operation" by accepting money from a particular account and passing it on.
What are Types of Bank Impersonation Attacks?
What are Phishing Bank Email Attacks?
Attackers send an email that claims to come from the victim's bank, or sometimes from their personal banker. These emails typically use the bank's logos and branding, together with display names and lookalike sender domains that closely resemble the real bank domain, to gain the recipient's trust.
Attackers usually claim there is an urgent issue to prompt the recipient to click a link or open an attachment. The link usually leads to a fake banking website that captures login credentials, while attachments may install malware. Sometimes these emails are used only to collect personal information, which the attackers then use to make follow-up scam emails and calls more convincing.
What are SMS Bank Impersonation Attacks?
In SMS bank impersonation attacks, sometimes also called smishing, attackers use text messages to deceive victims. They usually set the sender ID so that the message appears to come from the victim's bank, and because phones group messages by sender ID, a spoofed message can land in the same thread as genuine alerts from the bank.
SMS bank impersonation scams typically alert the victim to an unauthorized transaction or an account problem, and direct them to call a fake number or click on a malicious link to resolve it.
What are Bank Impersonation Attacks Over the Phone?
This is when the attacker impersonates a bank employee over the phone. They frequently spoof caller ID so that the call appears to come from the bank's official number. Some phone-based bank impersonation scams use AI voice cloning to imitate a real bank employee's voice, and deepfake video calls have also been reported, though they remain rare.
In bank impersonation phone calls, attackers generally pressure victims into authorizing a fraudulent transaction while on the call, reading out their one-time passcode or PIN, or moving their money to a new account.
What are Fake Banking Websites and Login Pages?
Fake banking websites and login pages are counterfeit sites created to mimic legitimate bank portals. These sites often use similar domain names, page layouts, and security imagery to appear authentic. Fake bank websites are used to steal login credentials for fraud, account takeover, or identity theft.
What is Social Media and Messaging App Impersonation?
In social media and messaging app bank impersonation attacks, cybercriminals create fake bank profiles or accounts on platforms such as Facebook, X (Twitter), Instagram, WhatsApp, or Telegram. They then reply to genuine customer complaints posted publicly, send direct messages offering "account assistance," or post fraudulent support links, taking advantage of the fact that the customer did not initiate contact with the real bank.
How Can Banks Protect Customers from Bank Impersonation Attacks?
The best way for banks to protect customers from bank impersonation attacks is education. It's important to keep reminding customers that a bank employee will never ask for their PIN, one-time passcode, or login details, and that they should hang up and call back on the number printed on their card if a call feels wrong. Customers in the US can also confirm that an institution, and the website address it lists, is genuine through the FDIC BankFind Suite: Find Institutions by Name & Location.
Customer outreach is another effective way to stop bank impersonation attacks from succeeding. This is where the bank contacts the customer about a suspicious pending transaction to confirm that it is intended and not the result of a scam, before the funds leave the account.
Banks should set up channels for customers to easily report suspicious behavior or impersonation attempts. Inbound-only bank phone numbers, such as the number on the back of a card, should be registered on "Do Not Originate" (DNO) lists. A DNO list tells carriers that a listed number never places outbound calls, so calls that present it as caller ID can be blocked at the network, which stops scammers spoofing it.
Information sharing is critical; banks need to share data about bank impersonation attacks, changing tactics, and common techniques with each other and with law enforcement. Banks should also regularly scan for lookalike and spoof websites that imitate their brand, and monitor the dark web for emerging trends around bank impersonation, such as phishing kits built for their login pages.
What Are the Best Tools for Banks to Prevent Bank Impersonation Attacks?
- AI and Machine Learning (ML) Platforms: These systems analyze vast amounts of data in real time to identify unusual patterns or anomalies in transactions and behavior that could indicate a bank impersonation attack.
- Customer Outreach Platforms: These solutions automate real-time customer outreach over digital channels like push notifications, SMS messages, or email, asking the customer to confirm a suspicious pending transaction, which surfaces transfers caused by bank impersonation attacks before any funds leave the account.
- Brand Protection Platforms: These solutions automatically monitor social media platforms and websites for lookalike domains (typosquatting), fake accounts, and fraudulent content that’s used in bank impersonation attacks.
- Real-Time Transaction Monitoring Systems: These systems continuously analyze financial transactions to detect suspicious activity, such as unusual locations, rapid-fire transactions, or large transfers to new payees, before funds leave the account.
- Email Authentication Protocols: Publishing SPF and DKIM records and a DMARC policy of p=reject lets receiving mail servers discard messages that forge the bank's exact domain in the From: header. They do not stop mail sent from lookalike domains, which is why brand protection and customer education are still needed alongside them.
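Publishing the records is only half the job; a DMARC policy of p=none, a forgotten subdomain policy, or an SPF record ending in +all leaves the bank's exact domain spoofable even though "DMARC is deployed." The following is an added example, not code from the original article or from any vendor product, that checks a domain's SPF and DMARC TXT records for the weak settings a bank should not have. The DNS answers are constructed and embedded inline so it runs offline; a real run would fetch them with a resolver (for example `dig TXT _dmarc.<domain>`) instead of the table.

```python
"""Email-authentication posture check for a bank's sending domains.

Added example, not code from the original article or from any vendor
product. It evaluates the SPF and DMARC TXT records a domain publishes
against the settings that let receivers actually reject forged bank mail.
The DNS answers below are constructed; a real run would fetch them with a
resolver (for example `dig TXT _dmarc.<domain>`) instead of this table.
"""
import re

# Constructed TXT records for hypothetical domains: one weak, one hardened,
# one with no DMARC at all, and one with the classic "two SPF records" mistake.
DNS_TXT = {
    "weakbank.example": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.weakbank.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weakbank.example"],
    "strongbank.example": ["v=spf1 ip4:198.51.100.0/24 include:_spf.example.net -all"],
    "_dmarc.strongbank.example": ["v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                                  "rua=mailto:dmarc@strongbank.example"],
    "nodmarc.example": ["v=spf1 +all"],
    "twospf.example": ["v=spf1 ip4:203.0.113.10 -all", "v=spf1 include:_spf.example.net -all"],
    "_dmarc.twospf.example": ["v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@twospf.example"],
}


def lookup_txt(name, dns=DNS_TXT):
    """Stand-in for a DNS TXT query, answered from the constructed table."""
    return dns.get(name.lower(), [])


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a dict keyed by lower-cased tag name."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record):
    """Qualifier on the terminal 'all' mechanism: '+', '-', '~', '?' or None if absent."""
    match = re.search(r"(?:^|\s)([+\-~?]?)all(?:\s|$)", record, re.IGNORECASE)
    if not match:
        return None
    return match.group(1) or "+"     # RFC 7208: an absent qualifier means '+'


def assess(domain, dns=DNS_TXT):
    """Return a list of findings; an empty list means the domain is hardened."""
    findings = []
    spf = [r for r in lookup_txt(domain, dns) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no record, receivers cannot reject forged envelope senders")
    elif len(spf) > 1:
        findings.append("SPF: multiple records, receivers treat this as permerror (RFC 7208 4.5)")
    else:
        qualifier = spf_all_qualifier(spf[0])
        if qualifier in ("+", None):
            findings.append("SPF: '+all' or no 'all' mechanism, any host may send as this domain")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral and gives receivers no signal")
        elif qualifier == "~":
            findings.append("SPF: '~all' softfail, move to '-all' once all senders are inventoried")
    dmarc = [r for r in lookup_txt("_dmarc." + domain, dns) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("DMARC: no record, forged From: headers are not policed at all")
        return findings
    tags = parse_dmarc(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"DMARC: p={policy or 'missing'}, forged mail is delivered (p=none) "
                        "or sent to spam (p=quarantine); only p=reject blocks it")
    sub_policy = tags.get("sp", policy).lower()    # sp defaults to p (RFC 7489)
    if sub_policy != "reject":
        findings.append(f"DMARC: subdomain policy sp={sub_policy or 'missing'}, "
                        "attackers can send from any unused subdomain")
    pct = int(tags.get("pct", "100"))               # pct defaults to 100
    if pct < 100:
        findings.append(f"DMARC: pct={pct}, {100 - pct}% of failing mail bypasses the policy")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, the bank gets no aggregate reports on abuse")
    return findings


if __name__ == "__main__":
    for name in ["weakbank.example", "strongbank.example", "nodmarc.example", "twospf.example"]:
        print(name, "->", assess(name) or ["hardened"])
```

The order of the checks mirrors how a receiver evaluates mail: SPF and DKIM produce pass or fail results, and DMARC decides what to do with a failure, so a strong SPF record with p=none still delivers the forged message. Running this against every domain the bank owns, not just the primary one, catches the parked and marketing domains that attackers prefer precisely because nobody monitors them.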