TR-80 - Targeted SMS and fake phone center call targeting financial/banking services

TR-80 - Targeted SMS and fake phone center call targeting financial/banking services

Back to Publications and Presentations

  1. Recent Phishing Scheme Combines SMS Alerts and Fraudulent Call Center Tactics
  2. Recommendations
  3. Example seen in Luxembourg
  4. SMS text:
  5. Transcript of the phone system (fake call center) (fr):
  6. Transcript of the phone system (fake call center) (en):
  7. Classification of this document
  8. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

Recent Phishing Scheme Combines SMS Alerts and Fraudulent Call Center Tactics

A newly identified phishing scam has emerged, employing SMS alerts that issue a fraud warning. These messages direct victims to a phone number located within the same country. Callers are greeted by what appears to be an official service, dubiously named ‘Centre Monétique Interbancaire de la Lutte Contre la Fraude’ or, in English, ‘Electronic Payment Center for the Fight Against Fraud.’ The initial telephone system recording is designed to sound professional, creating a facade of legitimacy. Following this recording, callers are connected to a supposed operator. This individual then requests various details typically required for blocking a card. However, in reality, the attacker exploits this information for fraudulent purposes.

Recommendations

  • Do not trust the content of SMS or email messages if you are unable to verify the sender through a different method. As usual, threat actors attempt to pressure potential victims, for instance, by suggesting time-critical blocking actions of financial transactions, which could be to the potential victim’s disadvantage.

  • Always verify any received messages by using official contacts referenced in previously trusted communications or directly through your banking application.

Example seen in Luxembourg

SMS text:

Luxtrust
Achat validé de 890 EUR
sur Remitly.
Si vous n'êtes pas à l'origine de l'opération, contactez immédiatement le : +35227942019
CLSY

Transcript of the phone system (fake call center) (fr):

Bonjour et bienvenue au centre monétique interbancaire de la lutte contre la fraude. Ce numéro est réservé exclusivement à la déclaration de fraude. Un conseiller va prendre votre appel. Nous ne sommes habilités à traiter aucune autre demande. Nos équipes n ‘ont accès ni à vos comptes, ni à votre conseiller. Avant de poursuivre, merci de vous munir de votre carte bleue et de l ‘identifiant de votre espace client Internet. Nous vous informons qu ‘en application de la directive européenne de paiement, la conversation sera enregistrée. Merci de bien patienter, un conseiller va prendre votre appel.

Merci de bien patienter, un conseiller va prendre votre appel.

Transcript of the phone system (fake call center) (en):

Hello and welcome to the interbank electronic payment center for the fight against fraud. This number is reserved exclusively for reporting fraud. An advisor will take your call. We are not authorized to process any other requests. Our teams do not have access to your accounts or to your advisor. Before continuing, please have your credit card and your Internet customer area identifier ready. We inform you that in application of the European payment directive, the conversation will be recorded. Please be patient, an advisor will take your call.

Please be patient, an advisor will take your call.

Classification of this document

TLP:CLEAR information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 - TLP:CLEAR - First version - 07th Februrary 2024