Spoofing scams - be aware, stay prepared (FNBT debit cards are through Shazam)
By: The First National Bank in Tremont (FNBT)
From time to time, SHAZAM® is made aware of situations that may pose a risk to our clients. This information can come from various sources. When we’re made aware, we’ll in turn make you aware.
Summary
Recently, several financial institutions have reported an increase in spoofing attempts, where fraudsters reach out to their clients pretending to be from their financial institution, SHAZAM or another associated financial institution partner.
Spoofing is a type of social engineering tactic fraudsters use when they pretend to be someone or something else. These fraud attempts appear to be from a known phone number or text to win a person’s trust. A fraudster’s goal with spoofing is usually to gain access to financial accounts, steal data, steal money, or insert and spread malware.
Please be aware that spoofing is often followed up with a vishing attempt. When an unsuspecting victim responds to a spoofing text, the fraudster often calls them to ask questions that reveal personal identifiable information, including online banking credentials.
How SHAZAM communicates
SHAZAM never asks accountholders to click links or open attachments in our text messages. We only ask them to respond with either a yes or no. Our phone calls come from a variety of phone numbers. This is intentional and helps to enhance our call center services with additional layers of identity management. As a trusted financial partner, we won’t ask for any sensitive information on an outbound call. Additionally, any emails from SHAZAM will come from a shazam.net email domain. For example, our client communications, including this one, come from communication@shazam.net.
Protecting accountholders
The 4Us that can help you avoid a spoofing scam. The 4Us are Urgency, Unexpected, Unnerving and Under No Circumstance:
• SHAZAM doesn’t ask accountholders to open links in text messages. (Urgency and Unexpected)
o Example of Urgency and Unexpected communication: “Dear customer, your bank account has been compromised. Please click on this link immediately to verify your information and prevent your account from being locked.”
• SHAZAM doesn’t use threating language that accounts will be suspended or closed. (Urgency, Unexpected and Unnerving)
• SHAZAM doesn’t request personal identifiable information, including PIN numbers, full debit card numbers (including card numbers, CVV/CVC, and expiration dates), social security numbers, passwords or online banking credentials. (Under No Circumstance)
We would like to educate our accountholders on how to spot and avoid scams. If any unexpected communication is received, please call us to verify the origin of the communication. Accountholders can also report any fraud or scams to the Federal Trade Commission.