Sri Lanka CERT has alerted the public to a rising credit card scam involving fake SMS messages and online alerts claiming cards have been suspended due to “suspicious activity.”
Victims are tricked into clicking links and entering personal information, including NIC numbers, after being warned their cards will be cancelled within 24 hours. Scammers then use this data and obtain OTPs to steal funds from accounts, CERT said yesterday in a statement titled Public Advisory: Financial Fraud – Do Not be Deceived by Bank or Police Impersonation Scams’.
Full text of the statement: Sri Lanka CERT has received multiple complaints regarding an ongoing fraudulent scheme in which scammers send SMS messages and online notifications falsely claiming that credit cards have been suspended, with the intention of unlawfully obtaining money and personal information from the public.
Approach Used by Fraudsters
1. Fake Bank Alerts via SMS and Online Messages
It has been reported that scammers send messages stating that a credit card has been suspended due to “suspicious activity,” often mentioning the names of several well-known banks to appear credible. Recipients are instructed to reactivate their cards by clicking on a link and providing sensitive personal information, including their National Identity Card (NIC) number.
These messages typically warn that the card will be permanently cancelled if the information is not provided within 24 hours, creating a sense of urgency. Alarmed recipients may then click on the link and submit their details. Subsequently, fraudsters gain access to the victims’ bank accounts, send a One-Time Password (OTP) to the victim’s phone, obtain that OTP through deception, and proceed to steal funds from the account.
2. Police Impersonation via WhatsApp Video Calls
In another reported method, some victims have received WhatsApp video calls from individuals dressed in police uniforms, impersonating Assistant Superintendents of Police. These callers claim that a criminal is in police custody and allege that the criminal has used the victim’s name and NIC details to obtain credit cards from multiple banks and commit large-scale fraud.
The impersonators pressure and intimidate victims by questioning them while quoting their NIC numbers and bank account details. Complaints indicate that this information is often data previously obtained through earlier fraudulent messages but is presented in a way that makes victims believe it is being accessed by law enforcement. Victims are then threatened with arrest, leading to some transfer of large sums of money in an attempt to avoid legal action.
Advisory to the Public
Sri Lanka CERT strongly urges the public to:
Never share personal or financial information, including NIC numbers, card details, passwords, or OTPs, through unknown or unverified links received via SMS, email, or online messages.
Be cautious of unsolicited calls or video calls, even if the caller claims to be a police officer or bank official.
Verify directly with your bank or the relevant authorities using official contact details before taking any action.
Report suspected fraud immediately to your bank.
Staying vigilant and informed is essential to protecting yourself and others from these fraudulent activities.
from The Island https://ift.tt/mjdTHIM
No comments:
Post a Comment