A fraudulent scheme has been occurring in which scammers impersonate bank representatives, hereinafter “impersonators,” to fraudulently obtain bank cards (with “chips”) from bank customers. The safety concern is the impersonators are hiring accomplices to come to the customer’s home, the Federal Bureau of Investigation warned the public Friday.
How the Scheme Works
Bank customers are contacted by phone from a number that caller ID indicates is from their bank. The impersonator then asks about recent transactions to lead the customer to believe there is fraudulent activity involving their account. Bank customers are then advised to cut up their bank card but are instructed to leave the chip intact for return to the bank, according to the press release.
Next, the impersonator arranges for an accomplice, also allegedly “from the bank,” to pick up the bank card (with chip intact) from the customer’s residence. If the impersonators do not currently have the customer’s PIN, the accomplice or impersonator will use social engineering techniques to obtain this from the customer. It has been reported that if the customer has not already done so, the accomplice may “assist” the customer by cutting the card and leaving the chip intact before departing with the remnants. With the chip and PIN, the impersonators can steal funds from the bank customer’s account, the press release stated.
It is unknown how the impersonators are obtaining personal information (name, address, and bank account information). At this time, it is not believed specific demographics are being targeted, the release stated.
Victim Reporting
The FBI requests these fraudulent or suspicious activities be reported to the FBI IC3 at www.ic3.gov as quickly as possible. Be sure to include:
- How the complainant was contacted, including phone numbers.
- Any aliases utilized.
- Please include the keywords #BankChipHack.
Those affected should also contact their financial institution account providers immediately to regain control of their accounts, change passwords, and place alerts on their accounts for suspicious login attempts and/or transactions, the release stated.
