Bank investigator
Fraud alert!
September 10, 2024: Be aware of fraudsters claiming to be your financial institution and asking you to share etransfer URLs or “codes” or your multi-factor authenticationprotection code. This is a scam! Your financial institution will never ask you for thisinformation.
Scam medium:
- Phone and fax
Targeting:
- Individuals
On this page
- Dial *72
- Residence visits
- Catch a bank employee
- Unauthorized charges or compromised account
- Sharing e-transfer URL
- Sharing multi-factor authentication (MFA) code
- Warning signs and how to protect yourself
Bank investigator fraud can have many variations such as a fraudster calls you to ask for your help to catch a bank employee who has been stealing money or claims to be helping you resolve suspicious transactions on your bank account.
Dial *72
You are directed to dial *72 followed by a phone number. *72 is used to forward any calls to your phone number to an alternate phone number. If you dial *72, fraudsters will receive all incoming calls including legitimate financial institution phone calls that may potentially flag actual fraudulent charges by the fraudsters.
Residence visits
Fraudsters go to your residence in person to pick up your bank cards. Some recent reporting identified victims being directed to put their bank card and PIN number in an envelope and place on their front steps for pick-up by an "investigator". Fraudsters retrieve the card and proceed to complete unauthorized transactions.
Catch a bank employee
A scammer calls you to ask for your help to catch a bank employee who has been stealing money. To help, you need to go to your bank and make a cash withdrawal from your account. The scammer tells you not to let the bank teller know what you're doing because the teller might be involved. After the withdrawal, the scammer meets you in a nearby parking lot, where you turn over the cash.
Unauthorized charges or compromised account
The scammer claims to be from the bank or a major credit card provider. They say there are unauthorized charges on your account or your account is compromised. In some cases, the scammer demands that you provide your credit card information. The scammer will tell you to send money for reimbursement fees or as "bait money" to help catch a bad "employee".
Sharing e-transfer URL
Fraudsters will convince you that you have to send an e-transfer to your own cellphone number in order to protect your account until a new debit card is issued. They will tell you:
- how to add yourself as a payee
- to increase your daily e-transfer limit to $10,000
- the e-transfer question and answer that you must use
Once you send the e-transfer transaction they will ask you for a “code” which is actually the last portion of the e-transfer URL/link you receive. If you provide the “code”, fraudsters will be able to deposit the funds into their own account.
In some cases, fraudsters may have some of your personal information like name, date of birth, phone number, address and debit card number to make the call seem legitimate. Fraudsters are also spoofing financial institution phone numbers or are providing fraudulent call-back phone numbers which impersonate the financial institution.
Sharing multi-factor authentication (MFA) code
Fraudsters may have your debit card number and password, but cannot access your account due to multi-factor authentication protection. They will contact you claiming to be your financial institution and will tell you that you must provide the code you receive by text message or email to confirm your identity. That code is the multi-factor authentication code which gives the fraudsters full access to your bank account.
Warning signs and how to protect yourself
- Criminals use Call-Spoofing to mislead victims. Do not assume that phone numbers appearing on your call display are accurate
- If you get an incoming call claiming to be from your financial institution, advise the caller that you will call them back. End the call and dial the number on the back of your bank debit card from a different phone if possible or wait 10 minutes before making the outgoing call
- Never provide details of links or URL's received via text message or email to fraudsters
- Don't share codes received via text message or email with anyone. In most cases, these are multi-factor authentication codes that will give fraudsters access to your account
- Fraudsters will often provide the first 4 to 6 numbers of your debit or credit card. Remember that these numbers are used to identify the card issuer and are known as the Bank Identifier Number (BIN). Most debit and credit card numbers issued by specific financial institutions begin with the same 4 to 6 numbers
- If your personal information has been compromised in the past through a breach or a phishing message, remember that the information can be used as a tool to make the communication appear legitimate
- Never provide remote access to your computer
- Financial institutions or online merchants will never request transferring funds to an external account for security reasons
- Financial institutions or police will never request you to turn over your bank card nor attend your residence to pick up your bank card
- Enabling Auto-Deposits for e-transfers provides additional layer of security
- Learn more tips and tricks for protecting yourself
- Date modified: