SMS Scams Posing as US Banks

Bank SMS scams are a common way for criminals to gain unauthorized access to businesses' accounts and financial information.

SMS Scams Posing as US Banks: Ignore the Phony Banking Text and Phone Calls

Key Points:

  • Bank SMS scams are a common way for criminals to gain unauthorized access to businesses’ accounts and financial information.
  • Scammers are sending text messages to trick Citizens Bank customers into providing login credentials and passwords.
  • The fraudsters pose as Citizens Bank and send text messages asking customers to click a link to confirm unrecognized activities.
  • If a target falls into their trap, they may end up granting unauthorized access to attackers.
  • There isn’t a way to stop scammers from sending you smishing text — your best protective measure is to delete the message after receiving it.

Fraudsters send text messages to organizations claiming unrecognized activity on their account. The scammers pose as Citizens Bank and ask customers to confirm their activity by clicking a link.

While Citizens Bank sends text messages to its customers as part of fraud protection services, it doesn’t send unsolicited messages asking clients to click on any links.

YouTube video

How The Bank Smishing Scam Works

The scammer sends you a text message purporting to be a bank, alerting you of fraudulent activity or an update in your bank account. You may or not have an account with the bank.

The message will ask you to click a link for confirmation. Clicking the link will direct you to a spoofed website that aims at stealing your login credentials and passwords.

If your business has an account with Citizens Bank and tries to log in on the fake website, the scammers will steal your account login information and access your bank accounts.

Our Company Received a Citizens Bank Smishing Text

Our business faced one smishing attempt. The scammer sent a text message to one of our employees.

As cybersecurity experts, we bite their bait to see how far the scam goes. We clicked on the text link, which directed us to a CloudFlare service to check our browser. Hackers are getting more sophisticated and use services like CloudFlare to make their scams look legit.

Your business shouldn’t try clicking the link in a smishing attempt. We clicked it because we’re professionals in a highly controlled environment and can tackle the attacker better.

After a few seconds, the link redirected to a fake Citizens Bank login page. We examined the URL, which wasn’t the official Citizens Bank website. We also don’t bank with Citizens Bank, so we debunk the text as a scam.

The Best Way to Avoid Bank Smishing Scams

Businesses should be aware that banks rarely send random text messages. While banks send messages to their customers, your bank will never text or email you out of the blue asking you to confirm your account.

Since there isn’t a way to stop these scam attempts, your business can:

  • Avoid acting on smishing texts: Don’t click any link on the text, avoid calling the number, and don’t reply. Instead, delete the message.
  • Don’t share your information: Unless you’re confident you’re talking with a representative from Citizens Bank, don’t give out any personally identifiable information. No bank will ask for login credentials or financial information via unsolicited text.
  • Research and validate: If you receive an SMS claiming to be from your bank, and you’re concerned about the text’s legitimacy, reach out through the bank’s official number from their website. You can also visit the bank to validate the request.

K² Technologies Can Help Your Business Stay a Step Ahead of Scammers

Crooks use clever schemes to defraud businesses every year. The attacker always combines new technology with old tricks to make organizations share sensitive information and grant them unauthorized access.

At K² Technologies, we can help you spot imposters as early as they pop up to prevent anyone in your business from becoming a victim. Contact us today to protect your business from scams that emerge daily.