Beware of an increasingly common scam

By the Risk Performance and Technology group

Original, as it appears on Finance et Investissement

The media has been warning the public about an increasingly popular and frightening scam.


Not long ago, I was called to investigate a fraud case. Highly lucrative for cybercriminals, this scam is easy for them to carry out. Here’s how it works:

You receive a call from the bank with which you regularly conduct business for your clients. In fact, you handle a great deal of their assets and transactions. The tone of the person on the other end of the line is very serious. They inform you that due to a major technical problem, your professional banking applications may be unavailable for several hours. In an effort to be proactive, their department has been asked to call clients to help them reconnect.

You’re a bit skeptical, but the caller seems professional and genuine. They know your relationship with the bank, give you a 1-800 number to call back in case of a problem and provide their name—in short, the kind of information that makes it look like they’re indeed calling from the bank’s branch or local office.

The person on the line apologizes profusely, explains that the problem is major and that they will do everything they can to minimize the disruption to your operations. With so much goodwill, what can you do but say thank you and try to be understanding?

The person will then tell you that they will help you connect to the new interface of the banking application that is being migrated. They also add that they will work according to your schedule in order to accommodate you. At this point in the conversation, in most cases, the confidence threshold is reached and vigilance decreases in favour of goodwill.

A few minutes later, the individual calls back, or you call them back at the 1-800 number provided, which plays automatic messages and hold music similar to what you would hear at your bank. The person answers—friendly, serious and accommodating as ever. You are given a shortened Internet address to facilitate access to the new site in order to test your browser’s compatibility and check whether the banking site displays correctly for you. They tell you that the site is being migrated and that there may be some small glitches that will be quickly resolved. The person reminds you that using the new site will automatically initiate the migration of your account and your access and that if you try to reconnect on the old interface, you will delay the supposed migration. Therefore, you will need to be accommodating and patient. The person will ask you to create new security questions by first typing the old answers to validate your identity and entering the temporary code of your authentication token provided by the bank.

Here is what is actually happening: By connecting to the supposed new site, which is fake and on which the fraudster has installed a “legitimate” maintenance program—in other words, one that will not be detected as a threat by an antivirus program—you are giving the fraudster access to your computer. This type of remote computer maintenance program does not require elevated user privileges to install itself. It installs silently and provides access to your computer as if the fraudster were in front of it. They can then do whatever they like, see all the computer operations performed, and consult documents on all your drives (hard, network or removable). They can also record keystrokes.

You will be asked to authenticate yourself again on the fake site. The fraudster now has all the information needed to connect directly to the bank’s real site. The fraudster will disable security notifications on your account, change your password on the banking site and start adding payees, carrying out transactions and making transfers. All this while profusely apologizing for the inconvenience caused by the so-called “migration.” In a few hours, transactions for tens or even hundreds of thousands of dollars will be carried out.

The takeaway here? Be vigilant! When you come across an unusual situation, double-check everything using reliable processes that can be verified and call the number on the back of your debit card to speak to your account managers so they can help you authenticate and understand the situation. Doing this will make the bank accountable.

Remember that these fraudsters have a lot of information disclosed by your digital footprint or digital persona. We may not want to believe it, but a great deal of information about us is available on the dark net, the underworld of the Web. The question of “Why me?” has never been so pointless and meaningless as it is today. The profitability of cyber fraud—estimated at more than 1400% by the firm Trustwave—means we are all lucrative targets. Time to open our eyes.