BALTIMORE — Major banks are sounding the alarm about a surge in scammers posing as bank employees to steal sensitive information or pressure customers into transferring their own money. A Maryland man came close to losing $20,000, and the FBI says these attacks are getting more sophisticated with Account Takeover (ATO) fraud schemes.
Orhan Suleiman doesn't normally answer phone calls from unfamiliar numbers, but last month, he did.
“The first thing this individual did was say he was from the Bank of America Security and Fraud Group,” Suleiman said. “And then he proceeded to recite two facts.”
He says the caller shared details from two of his bank accounts.
“And this caller mentioned both by quantity and the time the transfers occurred, and then proceeded to tell me that I was about to send or I had initiated a transfer of $20,000 to somebody. And we suspect that may be a fraud. And I said, ‘Yeah, I’m not aware of that.’ ‘Well, we’ve stopped that,’” Suleiman recounted.
But the scammer claimed another $19,000 transfer was still pending and insisted Suleiman act immediately. This conversation unfolded while he was sitting in a doctor’s office waiting for an MRI.
“Just as I log on, he says, go to the wire section to transmit money,” Suleiman said. “And I’m thinking, why? And he said, start to put in, send it to so and so. At that point they called me in for the scan.”
That interruption gave him a moment to think.
“So after the scan, I’m thinking about this. I said this is a scam,” said Suleiman.
After his appointment, he drove to a local bank branch. The representative confirmed he didn't have any pending transactions and instructed him to change his passwords as soon as possible.
This holiday season, banks are warning customers about imposters, and the FBI has issued a new alert about account takeovers.
“We’ve had about 5,500 reported scams with losses of approximately $5.7 million in total,” said Special Agent David Paniwozik of FBI Baltimore. “Scammers use the spoofing and phishing because it works.”
Paniwozik said scammers are now adding a twist to a familiar tactic. Instead of those normal CAPTCHA tests where you click on traffic lights or motorcycles, victims are asked to prove they’re human by pressing a series of keys on their keyboard.
“Asking you to press Windows R, Control C, Control V, and then E,” Paniwozik said. “It says OK you’ve been verified, and what you’re unknowingly doing is giving your computer a command to install malicious software.”
Once installed, scammers can access bank accounts through saved logins.
“It’s usually the scammers who are always trying to get us on that sense of urgency,” he said. “Act now, act now, or else.”
The FBI says cybercriminals are also buying online ads to promote fake bank websites that look identical to the real thing. They steal your login information and once they’re in, they can quickly move your money into crypto wallets and even change your password to lock you out.
Investigators say you should turn on two-factor authentication on every account that offers it and never turn it off.
If you've been targeted or scammed, contact your bank immediately. Ask for a reversal and a hold-harmless or letter of indemnity. Acting quickly could limit or even prevent financial losses.
And the FBI wants you to report these attempts to the Internet Crime Complaint Center.