[Lex Computer & Tech Group/LCTG] Crooks hijacking calls to banks?

Thu Oct 19 16:50:27 PDT 2023

 Banking malware on Android is a known security issue. I use my Comcast VOIP landline when calling about anything non-emergency having to do with anything financial. I simply do not trust the following:
SMS text servicesCell phone communications in generalCell phone direct alerts or notificationsAny Fintech or banking cell phone AppAny Android cell phone, due to several kinds of known Android cross-app malware vectorsAny Caller ID service
I have not had issues using my Comcast VOIP landline when calling about card irregularities or responding to freezes on the cards or when the bank or card issuer call me to verify recent activity on the card or in the bank account.
I also have credit monitoring in place in connection with an incident initiated from within Wells Fargo Bank (where I don't have any accounts) wherein fake Fintech App accounts were attempted to be set up by (very dumb) criminals. 
Wells Fargo has virtual (online-only "bank") presence and Fintech Apps which have been used by criminals to subvert Wells Fargo backed credit cards. This is an ongoing issue with them and at least two other nationwide banks. 
-- Bob Primak
    On Thursday, October 19, 2023 at 06:02:39 PM EDT, Steve Isenberg via LCTG <lctg at lists.toku.us> wrote:  

 Gentlepeople,  
As a followup and apologies for Yet Another Email: I've found out more information; it may be caused by Android malware.  (If you have an iPhone then (as far as I can see) you would not be affected, it affects Android phones.)

My brief search gave me info that there's malware that may be the cause.  Victim's Android phone somehow gets infected with the Android.Fakebank malware; this then redirects any calls the victim dials to telephone number X (legit bank number) to another telephone number Y (crook's phone).  Apparently this sort of thing has been around since 2013.

See: 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/fakebank-intercepts-calls-bankshttps://acgbizj3.advisorproducts.com/insights/consumer-alert-crooks-are-intercepting-calls-to-bank-phone-numbers-on-back-of-credit-cards-7 (I didn't watch the video)https://www.bleepingcomputer.com/news/security/android-malware-intercepts-phone-calls-to-connect-banking-users-to-scammers/https://www.digitaltrends.com/mobile/android-trojan-call-block/
On Thu, Oct 19, 2023 at 5:31 PM Steve Isenberg <smisenberg at gmail.com> wrote:

Gentlepeople,I received an email today from a respected professional who said that there is a new danger when you call the telephone number on the back of your credit card.  There are apparently people who have found out how to hijack these numbers, so that when you think you are calling your bank you are instead calling a crook.
Question: are you aware of any technology, methodology, back-door, or fault in some system(s) that allows this?
My source says that to protect yourself, when you call, ask them to tell you something that they can only know about you if they have legitimate access to your account information, like the amount of your last deposit.
Thanks for your insight,-steve
PS: From my source's message:Some people have figured out how to hijack the phone numbers on the back of bank and credit cards, and probably phone numbers that you would find on a legitimate bank or credit card or other company website.
[A woman] got a call from “Microsoft”, claiming that she had a charge of $2000 that had been “pre-authorized” by her bank. The caller said, look, you don’t have to trust me, call your bank to verify. 

[She] called the number on the back of her bank card, and got a “bank official” who tried to walk her through a familiar scam, asking her to withdraw her money from her bank account so that the “pre-authorized” charge would not be able to be withdrawn, and to bring the money to a bitcoin machine. Fortunately, she realized that something was very wrong, and stopped the process and asked for help. 

My source cited https://moneyful.com/blog/yikes-crooks-are-intercepting-calls-to-bank-phone-numbers-on-back-of-credit-cards

Snopes does not know about this, yet.

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to bobprimak at yahoo.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20231019/97fb4fcf/attachment.htm>