Banking Scams: American Express, Regions, NFCU, ICCU, and Bank of America

This article is from Trend Micro.

Everyone banks, with the bulk of it increasingly done via our phones. This ubiquity, not to mention the presence of money, is why banking scams are some of the most common (and most damaging) scams with which cybercriminals and fraudsters target consumers. The following are what we’ve found recently.

American Express Phishing Emails Scam

Example phishing email

Users have reported receiving malicious phishing emails purporting to be from American Express, as seen above. These emails are in fact from scammers, the intention being to get you to click on the link. The link takes would-be victims to a fake webpage where your log-in details will be harvested. Once they have that information, scammers can carry out activities such as theft and identity fraud — don’t let them!

Email Content:

• Dear Customer, For your protection, we have placed your account on hold temporarily and placed any pending orders or subscriptions on hold as well. Your account will remain on hold until we are able to confirm that your authorized recent payments.  MANAGE MY ACCOUNT Once you have provided the required information, we will review it and respond within 24 hours. Thank you for choosing American Express. American Express

Fake American Express log-in page

Real American Express log-in page

Above are two American Express log-in pages, one fake and one real. As you can see, they are scarily similar. In the case of convincing fakes, the best giveaway is the URL address. The legitimate web address is americanexpress.com/en-us/account/login. Fake URLs we have discovered include:

• hxxps://kutt[.]it/heyteen18
• hxxps://staging[.]kleenso[.]com/cg/americanexpress.com.login-verification/AMEX/Amex/home/

Regions Bank SMS Phishing Scam

Elsewhere, scammers are posing as Regions Bank, a popular bank in the South and Midwest, with a particularly high number of scam reports in Florida and Texas. The scam text message (“smishing”) informs the would-be victim of some account issue that requires “verification”, the intention being to obtain your details.

SMS Content:

• regions alerts your online access is restricted. visit [URL] immediately to take necessary steps to protect your account.
• regions-smsalerts your account is under review, please verify your information or your login-acess maybe revoked. [URL]
   
  Following the link will take you to a fake webpage, such as that below. Notice the strange URL — don’t fall for it!

Fake log-in page

Protect Yourself with Trend Micro Check

• Double-check people’s contact details — and URLs.
• Reach out to official websites and support pages directly for help if in doubt.
• NEVER use links or buttons from unknown sources! Use Trend Micro Check to detect scams with ease: Trend Micro Check is an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!

Given you’ll be required to enter personal information on these kinds of platforms, ID Security will also ensure you’re never the victim of a data breach.

NFCU SMS Phishing Scam

Navy Federal Credit Union (NFCU) is the largest retail credit union in the US. Unfortunately this makes its members a prime target for scammers. Recently there has been a large wave of smishing attacks under the guise of NFCU — with queries on Google up 550%.

Source: Online Threat Alerts / ScamWatcher

Source: Reddit / ScamWatcher

As seen above, the alerts are of two types: large payments and account issues. In both cases, the scammer’s objective is to get the would-be victim to panic and follow the link with promise of being able to resolve the issue. Of course, there IS NO issue — but trying to log in on one of their fake webpages will bring all kinds of issues. Note the spelling errors, inconsistent caps, and strange spacing.

We previously reported on NFCU smishing back in August — while it rears its head again, be wary.

SMS Content:

• Navy Federal Credit Union Protection department : 1-888-842-6328 Do you recognize: Walmart charge $450.00 that was taken place today ! Reply Y or N. STOP to end
• NFCU Alert: We’ll never call you to confirm it. 096127 is your NFCU security code to approve wire payment of $2100.00. Not You? Visit [URL] to cancel
• NFCU Alerts: Your wire payment of $1750.00 was succussfully processed. In review no further action is needed. Not You? Visit [URL] immediately
• NFCU: Alerts, Your Account has been disabled due to unusual activity. Visit [URL] to verify your account.
   
  We’ll end here with two more banking smishing examples: Bank of America, and Idaho Central Credit Union (ICCU). Once again, note the errors and inconsistencies. Don’t fall for them!

Source: Reddit (BoA)

Source: ICCU

SMS Content:

• Bank of America: Did you try to login to your account on 09/12/2022 at 3.43 PM, on an unsupported device? If this wasn’t you visit: [URL]
• ICCU Debit request alert of $7386.00 from MARIAV TELCOM GADGET Store. If  Unrecognized Visit [URL] to confirm or cancel.
   
  Be safe out there, folks! Remember to check out this page for more information on Trend Micro Check. And as ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.

Source: pexels.com