If you get a text from someone claiming to be your bank, don’t click on the link. A mobile phishing scam is texting people in Australia as well as the US and Canada claiming to be your bank. When you click on the included link, you’ll be taken to a website that may look like your bank’s website, but is actually a way to steal your login credentials.
In general, you should never click on a link that claims it’s coming from your bank, email service, or anywhere else where you might store personal or financial information. If you do get a message that you think might be legit, instead log in by typing that website into your browser personally, or in the case of banking, using the bank’s mobile app.
The current phishing campaign was discovered by researchers at the mobile security company Lookout, ZDNet reports. Lookout was able to determine at least 4,000 different IP addresses visiting the phishing websites, which suggests that at least 4,000 people received those fraudulent texts, clicking on the links, and potentially handed over their website credentials in the process.
The links those people clicked on where in a text saying that the bank had detected unusual activity on this account, asking them to follow a link to check if that activity is correct. Even the scam-savvy might consider the text legit and click on it.
Beyond stealing a user’s account info, some versions of the scam also asked additional “security” questions to allegedly confirm a user’s identity, often asking users to confirm their account number or enter their card’s expiration date.
Lookout has already contacted the banks that were targeted with this particular scam and all of the phishing sites have been taken down. Still, it’s a good reminder to never click on those links. Whenever you bank texts, emails, or calls you you’re a lot better off just contacting your bank directly rather than clicking on links or passing out personal info on a call you did not initiate.
In Australia, NAB is aware of three phishing scams targeting Australians. It said it was important customers did not click the link.
“NAB will never ask you to confirm, update or disclose personal or banking information via a link in an email or text message,” a NAB statement read. “If you have received this type of email or text message, and have clicked on the link or entered your details please contact your local branch or call 13 22 65 immediately.”
???? SCAM ALERT ???? Watch out for a new SMS #scam exploiting recent natural disasters & asking for your details to get an 8% tax bonus. Don’t click any links – even if it looks legit! Learn more @ https://t.co/wnXVHiqGZ2 pic.twitter.com/7A3QSfJZWv
— ato.gov.au (@ato_gov_au) February 13, 2020
Stay vigilant out there.
Additional reporting by Sarah Basford.