Cyber-thieves have launched a major effort to steal bank account and credit card account information. The attack uses automated telephone calls and bogus text message alerts (a scam known as smishing) that are supposedly from Wells Fargo bank.
This massive attack was reported in Oregon, Utah and South Dakota about a month ago. It hit Washington, Colorado and Iowa last week.
The bogus messages are designed to get you to take action right away. Some warn that a suspicious purchase has shown up on your account. Others falsely say your account has been closed or is about to be shut down. Whatever the message, the goal is the same.
One common text alert reads:
WELLS FARGO ALERT: Your card starting with 4868 has been deactivated. Please contact us at (a local phone number).
"They ultimately want you to call a number they provide [in the text message] or press one on your phone to be connected to another number where they'll start asking you personal questions,” said Laura Underhill with Wells Fargo communications.
I got one of the automated calls. It said, “This is an official notification from Wells Fargo informing you that your card has been locked for security reasons. To unlock it please press 1 now.”
I pressed one and was greeted by another bogus automated message.
“Welcome to Wells Fargo online 24-hour card activation service. Please enter your 16-digit credit card number now.”
That’s when I hung up.
Wells Fargo says people who punch in their card number are then asked for their PIN and mother’s maiden name. Sometimes they’re asked for their Social Security number.
"They're just trying to get as much personal information from you as they can, in order to access your account,” Underhill says.
By the way, many of the people getting these alerts are like me — we don’t have Wells Fargo accounts. That’s because the bad guys use a shotgun approach. They just use a random dialer to send out the automated calls and text alerts by the millions. They hope people who do have an account will take the bait.
These “phishing” and “smishing” scams are not limited to Wells Fargo. The Washington State Attorney General’s office put out a consumer alert on Friday warning that similar bogus text message alerts are being sent out claiming to be from Bank of America, Chase, Citibank and Capitol One.
Protect yourself
Never respond to an e-mail, phone call (automated or live person) or text message that wants your personal financial information, no matter how scary or legitimate it may seem. Your financial institution has this information and will NEVER ask for it this way.
Should you receive an alert like this and feel the need to check it out, call the institution, using a number you can trust. That would be the one on the back or your credit, debit or ATM card, on your monthly statement or the company's website.
If you’ve fallen for this scam, contact your bank right away. Then monitor your accounts for any suspicious activity. You should also file a complaint with the Federal Trade Commission and the FBI.