<html><head></head><body><div class="ydp931e3087yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div dir="ltr" data-setdir="false">Banking malware on Android is a known security issue. I use my Comcast VOIP landline when calling about anything non-emergency having to do with anything financial. I simply do not trust the following:</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">SMS text services</div><div dir="ltr" data-setdir="false">Cell phone communications in general</div><div dir="ltr" data-setdir="false">Cell phone direct alerts or notifications</div><div dir="ltr" data-setdir="false">Any Fintech or banking cell phone App</div><div dir="ltr" data-setdir="false">Any Android cell phone, due to several kinds of known Android cross-app malware vectors</div><div dir="ltr" data-setdir="false">Any Caller ID service</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I have not had issues using my Comcast VOIP landline when calling about card irregularities or responding to freezes on the cards or when the bank or card issuer call me to verify recent activity on the card or in the bank account.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I also have credit monitoring in place in connection with an incident initiated from within Wells Fargo Bank (where I don't have any accounts) wherein fake Fintech App accounts were attempted to be set up by (very dumb) criminals. </div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Wells Fargo has virtual (online-only "bank") presence and Fintech Apps which have been used by criminals to subvert Wells Fargo backed credit cards. This is an ongoing issue with them and at least two other nationwide banks. </div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">-- Bob Primak</div><div dir="ltr" data-setdir="false"><br></div>
</div><div id="yahoo_quoted_8250527107" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Thursday, October 19, 2023 at 06:02:39 PM EDT, Steve Isenberg via LCTG <lctg@lists.toku.us> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv6251517971"><div><div dir="ltr"><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:#0b5394;" class="yiv6251517971gmail_default">Gentlepeople, <br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:#0b5394;" class="yiv6251517971gmail_default">As a followup and apologies for Yet Another Email: I've found out more information; it may be caused by Android malware. (If you have an iPhone then (as far as I can see) you would not be affected, it affects Android phones.)<br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:#0b5394;" class="yiv6251517971gmail_default"><br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:#0b5394;" class="yiv6251517971gmail_default"><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">My
brief search gave me info that there's malware that may be the cause. </div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">Victim's Android phone somehow gets infected with the Android.Fakebank malware; this then
redirects any calls the victim dials to telephone number X (legit bank number)
to another telephone number Y (crook's phone). Apparently this sort of
thing has been around since 2013.<br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">See: <br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><a rel="nofollow noopener noreferrer" shape="rect" target="_blank" href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/fakebank-intercepts-calls-banks">https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/fakebank-intercepts-calls-banks</a></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><a rel="nofollow noopener noreferrer" shape="rect" target="_blank" href="https://acgbizj3.advisorproducts.com/insights/consumer-alert-crooks-are-intercepting-calls-to-bank-phone-numbers-on-back-of-credit-cards-7">https://acgbizj3.advisorproducts.com/insights/consumer-alert-crooks-are-intercepting-calls-to-bank-phone-numbers-on-back-of-credit-cards-7</a> (I didn't watch the video)</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><a rel="nofollow noopener noreferrer" shape="rect" target="_blank" href="https://www.bleepingcomputer.com/news/security/android-malware-intercepts-phone-calls-to-connect-banking-users-to-scammers/">https://www.bleepingcomputer.com/news/security/android-malware-intercepts-phone-calls-to-connect-banking-users-to-scammers/</a></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><a rel="nofollow noopener noreferrer" shape="rect" target="_blank" href="https://www.digitaltrends.com/mobile/android-trojan-call-block/">https://www.digitaltrends.com/mobile/android-trojan-call-block/</a></div></div></div><br clear="none"><div id="yiv6251517971yqt09210" class="yiv6251517971yqt9215176960"><div class="yiv6251517971gmail_quote"><div dir="ltr" class="yiv6251517971gmail_attr">On Thu, Oct 19, 2023 at 5:31 PM Steve Isenberg <<a rel="nofollow noopener noreferrer" shape="rect" ymailto="mailto:smisenberg@gmail.com" target="_blank" href="mailto:smisenberg@gmail.com">smisenberg@gmail.com</a>> wrote:<br clear="none"></div><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex;" class="yiv6251517971gmail_quote"><div dir="ltr"><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">Gentlepeople,</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">I received an email today from a respected professional who said that there is a new danger when you call the telephone number on the back of your credit card. There are apparently people who have found out how to hijack these numbers, so that when you think you are calling your bank you are instead calling a crook.</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">Question: are you aware of any technology, methodology, back-door, or fault in some system(s) that allows this?</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">My source says that to protect yourself, when you call, ask them to tell you something that they can only know about you if they have legitimate access to your account information, like the amount of your last deposit.</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">Thanks for your insight,</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">-steve</div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><br clear="none"></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default">PS: From my source's message:</div><div style="font-family:trebuchet ms, sans-serif;color:rgb(11,83,148);margin-left:40px;" class="yiv6251517971gmail_default"><font size="2"><span style="font-family:New;">Some
people have figured out how to hijack the phone numbers on the back of
bank and credit cards, and probably phone numbers that you would find on
a legitimate bank or credit card or other company website.</span></font></div><div style="font-family:trebuchet ms, sans-serif;font-size:small;color:rgb(11,83,148);" class="yiv6251517971gmail_default"><p style="margin-left:40px;" class="yiv6251517971MsoNormal"><font size="2"><span style="font-family:New;">[A woman] got a call from “Microsoft”, claiming that she had a charge of
$2000 that had been “pre-authorized” by her bank. The caller said,
look, you don’t have to trust me, call your bank to verify. </span></font></p><p style="margin-left:40px;" class="yiv6251517971MsoNormal"><font size="2"><span style="font-family:New;"> </span></font></p><p style="margin-left:40px;" class="yiv6251517971MsoNormal"><font size="2"><span style="font-family:New;">[She] called the number on the back of her bank card, and got a
“bank official” who tried to walk her through a familiar scam, asking
her to withdraw her money from her bank account so that the
“pre-authorized” charge would not be able to be withdrawn, and to bring
the money to a bitcoin machine. Fortunately, she realized that
something was very wrong, and stopped the process and asked for help. </span><span style="font-family:New;"><br clear="none"></span></font></p><p class="yiv6251517971MsoNormal"><span style="font-size:14pt;font-family:New;"><br clear="none"></span></p><p class="yiv6251517971MsoNormal"><span style="font-size:14pt;font-family:New;">My source cited </span><a rel="nofollow noopener noreferrer" shape="rect" target="_blank" href="https://moneyful.com/blog/yikes-crooks-are-intercepting-calls-to-bank-phone-numbers-on-back-of-credit-cards">https://moneyful.com/blog/yikes-crooks-are-intercepting-calls-to-bank-phone-numbers-on-back-of-credit-cards</a></p><p class="yiv6251517971MsoNormal"><span style="font-family:times new roman, serif;"><font size="4" style="background-color: inherit;">Snopes does not know about this, yet.</font></span><br clear="none"></p><p class="yiv6251517971MsoNormal"><span style="font-size:14pt;font-family:New;"><u></u> <br clear="none"></span></p> </div></div>
</blockquote></div></div>
</div></div><div class="yqt9215176960" id="yqt83219">===============================================<br clear="none">::The Lexington Computer and Technology Group Mailing List::<br clear="none">Reply goes to sender only; Reply All to send to list.<br clear="none">Send to the list: <a shape="rect" ymailto="mailto:LCTG@lists.toku.us" href="mailto:LCTG@lists.toku.us">LCTG@lists.toku.us</a> Message archives: <a shape="rect" href="http://lists.toku.us/pipermail/lctg-toku.us/" target="_blank">http://lists.toku.us/pipermail/lctg-toku.us/</a><br clear="none">To subscribe: email <a shape="rect" ymailto="mailto:lctg-subscribe@toku.us" href="mailto:lctg-subscribe@toku.us">lctg-subscribe@toku.us</a> To unsubscribe: email <a shape="rect" ymailto="mailto:lctg-unsubscribe@toku.us" href="mailto:lctg-unsubscribe@toku.us">lctg-unsubscribe@toku.us</a><br clear="none">Future and Past meeting information: <a shape="rect" href="http://LCTG.toku.us" target="_blank">http://LCTG.toku.us</a><br clear="none">List information: <a shape="rect" href="http://lists.toku.us/listinfo.cgi/lctg-toku.us" target="_blank">http://lists.toku.us/listinfo.cgi/lctg-toku.us</a><br clear="none">This message was sent to <a shape="rect" ymailto="mailto:bobprimak@yahoo.com." href="mailto:bobprimak@yahoo.com.">bobprimak@yahoo.com.</a><br clear="none">Set your list options: <a shape="rect" href="http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com" target="_blank">http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com</a><br clear="none"></div></div>
</div>
</div></body></html>