The multistep banking fraud scheme combines two common online fraud schemes: fraudulent emails and SMS, and voice call phishing or “vishing.”
A cybercriminal sends out a fake email made to look like it officially comes from a legitimate company. The email asks you to update your online banking information using an attached link. It also reminds you to expect a call from an “official” representative to verify details.
If you click on the attached link, you are taken to a fake login page and are asked to type in your details. This fake website is used to harvest sensitive information.
Once the scammers have your details, they will try to log in to your account. This triggers a One-Time Password prompt which is sent to your registered mobile number. The fraudster then asks you via SMS or voice call for the One-Time Password or ”activation code” sent to you . If they get this, they gain full access to your online banking account.
Share a scam that you know and help fight cybercriminals!
Adapted from “Beware of the multistep fraud”