It is up 78% over one year: fake bank advisor fraud makes it possible to extract money by contacting the victim by telephone. Operating mode, defense and definition, Clubic takes an overview of the phenomenon.
The state organization Cybermalveillance.gouv.fr has, and it was necessary, highlighted this during its last activity report: in 2023, fake bank advisor scams will have jumped by 78%. Very sneaky, this technique used by scammers and pirates is trapping more and more people, both professionals and individuals. Inspired by the useful communication from the Cyberspace Command of the Ministry of the Interior (ComCyberMI) and Cybermalveillance.gouv.fr, we have decided to offer you an FAQ, in 5 questions, to find out and understand everything about this fraud.
What is fake bank advisor fraud?
The fake bank advisor scam consists, as its name suggests, of pretending to be a bank advisor, with the aim of obtaining from the target, perhaps a future victim, sensitive data such as PIN codes, banking and other identifiers.
With this data, the scammer can make transfers and online payments, all while having abusively exploited the credulity of the person trapped. Here we see a social engineering technique based on proximity and empathy, with nice financial gains, often thousands of euros, at stake.
To contact the victim in a credible manner, the hacker first retrieves certain information on dark social channels (Telegram and others), on the dark web, or on cybercriminal forums, sometimes for free or for, often, a few euros or tens euros. When he takes action, that is to say when he calls his victim, the scammer already has his telephone number, obviously, his postal and e-mail address, his identity and even his bank details. .
What procedure?
The scammer who turns into a fake bank advisor begins by contacting the victim by telephone. For example, he tells the latter that she was the victim of bank card fraud. Secondly, the criminal tells the person that he will cancel the fraudulent operations, which aims to reassure them, to establish this climate of trust in the middle of a storm. To appear more credible, the scammer asks his target to verify his personal information.
After the call and building trust, comes the compromise stage. Here, the scammer asks his victim to provide him with the confirmation codes that he receives by SMS, and to validate the transactions from the banking application.
This is where the thief can make fraudulent bank transfers and/or online payments. The last step consists of pushing the victim to cancel their bank card. The crook tells him to give them to a courier who will come and collect them.
How does the crook prepare his coup?
As we said, scammers don’t make calls without at least “ensuring” their success. They thus recover the victims’ data, upstream, on the dark web to launch their attack and be more credible in their exchange with the target.
Even more subtle, today, more than ever, hackers can rely on technological progress to make themselves virtually anonymous, with no shortage of voice modification tools. We can also cite the possibility of usurping a telephone number to hide one’s identity, which is called spoofing.
Finally, the criminals use what the authorities call a “ communication script “. They prepare a speech whose aim is to create an effect of surprise, and to exert psychological pressure on the recipient, reinforced by the urgent nature of the situation. Often, the latter misleads the victim and allows them to hit the mark.
Does the law punish scammers harshly?
Individuals who engage in fake bank advisor fraud risk a lot. First, they may be flagged for collecting personal data by fraudulent, unfair or illicit means. This qualification is punishable by 5 years of imprisonment and a fine of 300,000 euros.
The scam is punishable by a fine of 375,000 euros, as well as 5 years in prison. Finally, fraudulent access to an automated data processing system (STAD) is punishable by 3 years’ imprisonment and a fine of 100,000 euros. If there has been modification, deletion of data or alteration of the functioning of the system, the penalty can be increased to 5 years in prison and a fine of 150,000 euros.
How can we protect ourselves?
Fake advisor fraud can be scary, but several good reflexes can help you sniff out something bad. First, you should know that your banker will never ask you to carry out this or that banking transaction using an authentication tool within your banking application.
Then, even if you are asked for them, never communicate your confirmation codes. They are always intended for you, and you alone. If you have the slightest doubt when answering the phone call, hang up immediately and contact your bank. You will be able to know in a few minutes if you were with the right person.
Finally, in the event that you have, unfortunately, been the victim of fake bank advisor fraud, you must file a complaint without delay at the police station or gendarmerie. At the same time, modify your access codes to your banking space/application, and contact your bank to report your problem.
Sources: Cybermalveillance.gouv.frClubic
3