If you receive a text message claiming to be from your bank with a link, don’t click it. There’s a new scam in the US and Canada where scammers send texts pretending to be your bank.
If you click on the link, it takes you to a fake website that looks like your bank’s site, but it’s actually designed to steal your login details.
Always be cautious with links, especially if they say they’re from your bank, email service, or any site where you keep personal or financial information. If you think a message might be real, don’t click any links. Instead, go directly to the website by typing it into your browser yourself, or use your bank’s mobile app to log in.
Researchers at the mobile security company Lookout found a phishing campaign, as reported by ZDNet. Lookout discovered that at least 4,000 different IP addresses visited the fake websites set up by scammers. This means that about 4,000 people might have received these scam texts, clicked on the links, and possibly gave away their login information.
The scam text told people that their bank noticed unusual activity on their account and asked them to click a link to check if the activity was correct. Even those who usually recognize scams might think this text is real and click on the link.
Besides taking users’ account information, some versions of the scam also asked extra “security” questions. They pretended to confirm the user’s identity by asking for their account number or their card’s expiration date.
Lookout, the security company, has informed the banks involved about this scam, and all the fake websites have been shut down. This is a good reminder to never click on links in unexpected messages.
If your bank sends you a text, email, or calls you, it’s much safer to contact your bank directly instead of clicking on links or giving out personal information on a call you didn’t start.