Stealing chips and PINs
In a new warning on its Internet Crime Complaint Center (IC3), the FBI breaks down how this scam works and what to look out for if you get a suspicious call on your phone.
To make this scam more believable, the scammers behind it provide several personal details during their initial phone call including a victim’s name, address and bank account information. While the FBI isn’t quite sure how they managed to obtain this sensitive data, the government agency did say that it doesn’t believe that specific groups of people are currently being singled out.
Normally when a call comes in from an unknown number, most people just don’t answer it. However, these scammers have figured out how to spoof the caller ID of a victim’s bank to ensure that they do.
Once on the phone, the scammer impersonating a bank employee asks about recent transactions to make them think that some kind of fraudulent activity involving their account has taken place. This is just a pretext to then get them to cut up their debit card while leaving its chip intact so that it can supposedly be returned to the bank.
Though this should stand out as a major red flag as no legitimate bank would ever ask one of its customers to do this, enough people have fallen for this scam that the FBI saw fit to issue a warning about it.
If the scam proceeds this far, the scammer on the phone then sends an accomplice to the victim’s house to pick up the chip from their cut-up debit card as they already have their address. If the scammers don’t have the victim’s PIN yet, either the scammer on the phone or their accomplice will use social engineering to coax it out of them.
With the chip from a debit or credit card and a victim’s PIN in hand, the scammers can then withdraw money and steal funds from their bank account. As this is being done in person instead of online, it likely wouldn’t alert a bank’s fraud detection systems, enabling the scammers to take your cash and run.
How to stay safe from scammers
Not answering calls or responding to messages or emails from unknown senders is usually how you would avoid falling to a scam like this. However, as the scammers behind this campaign are spoofing caller ID to appear as if they were actually calling from a victim’s bank, the whole situation is a bit more tricky.
There are some things you can do if you do happen to answer a call like this to weed out a scammer. For starters, pay close attention to the language they use and how they sound over the phone. Are they speaking in a professional manner like someone that works at a bank would? Is the call quality clear and is there a lot of background noise? Typically, banks are very quiet, so this could be another giveaway that you’re speaking with a scammer and not a bank employee.
From here, you can try asking them to answer some of your own questions. What city or state are they calling from? When was your account created? What is the last transaction they see on their system? The answers or lack thereof could help you figure out if this person is really who they say they are. Likewise, you can also hang up and try calling your bank to see if what the person who called you says is actually true.
Even if you do discover you’re speaking with a scammer, you still need to be careful with this particular campaign since the scammers do have access to your address. They might not take no for an answer after you hang up and they could have one of their accomplices visit your home. In that case, you want to keep your lights on, your doors locked and let someone else who’s close to you know what’s going on.
If you do experience this scam or a similar one, you’re going to want to inform the FBI’s IC3 hub so that they can warn others who could also be potential targets.