F&M’s customer support center has received reports that scammers are calling customers from what appear to be legitimate F&M phone numbers, asking them to verify a fictitious debit card transaction. Once the victim denies involvement in the transaction, the scammer then requests access to the victim’s online banking to check for “additional charges” and “suspicious logins.”
REMINDER: F&M Bank will never request access to your online banking ID or password.
This fraudulent tactic is called spoofing and is the most common compromise that we see. The scammer installs software to remotely access the victim’s device, and once the victim signs into their online banking, the scammer can then initiate Zelle debits, Bill Pay, and access their account and personal information.
Other common scams include scammers posing as bank employees and advising clients to withdraw funds from their accounts due to a “compromise” of their account. The bad actors then coerce the victims to deposit the funds at the cryptocurrency ATM or purchase gift cards using the funds.
The Federal Communications Commission has provided information on how to identify and avoid Caller ID Spoofing. Learn more on how to prevent yourself from becoming a victim of spoofing by watching the video below or visiting the FCC website.
How to Avoid Spoofing
You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.
- Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
- If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
- Do not respond to any questions, especially those that can be answered with “Yes” or “No.”
- Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
- If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
- Use caution if you are being pressured for information immediately.
- If you have a voicemail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voicemail if you do not set a password.
- Talk to your phone company about call blocking tools and check into apps that you can download to your mobile device. The FCC allows phone companies to block robocalls by default based on reasonable analytics. More information about robocall blocking is available at fcc.gov/robocalls.
Remember to check your voicemail periodically to make sure you aren’t missing important calls and to clear out any spam calls that might fill your voicemail box to capacity.
Stay up-to-date on industry news and cybersecurity tips by joining our newsroom community.
Above bulleted points provided by the Federal Communications Commission.