
Do not take any of these calls.
You have been warned. The FBI has just issued a stark new warning as cyber criminals gain access to customer bank accounts. The bureau says these attackers have already stolen $262 million this year, with the threat likely to get worse over the holidays.
Some of these attacks come at you by text or email, tricking you into sharing one-time passcodes or even your actual password. “The cyber criminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts.”
But the new advisory flags phone calls as the most serious risk. “Be suspicious of unknown ‘banking’ or ‘company’ employees who call you,” the FBI warns. “Don’t trust caller ID. Hang up, verify the correct number, and call it yourself. Companies generally do not contact you to ask for your username, password, or OTP.”
There is a range of other ways in which one of these attacks may target you, including manipulating search engine results so that a fake login page appears ahead of real pages in the results. That way, even if you hang up a call and search for a legitimate website, you could be fooled into accessing the wrong one.
The lures being used for attacks can vary, but they’re likely to include a sense of urgency to force you into acting before you have time to think. Fraudulent transactions, hijacked accounts or stolen passwords are always good entry points for an attack.
“Once the impersonators have access and control of the accounts,” the bureau says, “the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets.” An attacker might also “change the online account password, locking the owner out of their own financial account(s).”
If you have fallen victim to any such attack, or if you have shared information or logged into an account using a website you now think may have been fake, contact your bank and explain the situation. And change your online passwords.
Whilst this FBI warning focuses on financial institutions, we’re also seeing new attacks pretending to be technical support — impersonating Apple or Google or others. The same rules apply. Do not engage. Hang up. Contact the company using their usual means, or ideally log into your account via an app and check for any messages.