Todd Schnitt of The MJ Morning Show told listeners Thursday morning he was targeted in a "smishing" (SMS phishing) scam.
The host of the Tampa, Fla., radio show says he received a text message (also known as an SMS or short message service) Wednesday from an unverified sender with a 917 area code. It contained an alert from "Tampa Bay Federal Credit Union" that urged him to call a number with a 530 area code. When Schnitt called, an automated voice told him his bank card was deactivated and to enter his card number to reactivate it.
He played along and entered a fake card number and expiration date. Finally, he was prompted for his PIN and then informed his card had been verified and re-activated. "Watch out," he told his listeners, "you've just given them your card number, expiration date and (personal identification number), so they can wipe out your account."
Hurricane, another radio show personality and Tampa resident, says he received the same text message Wednesday night. He knew it was a scam because he doesn't bank at Tampa Bay Federal Credit Union.
The bank card text scam is not new; just renewed and localized. A recent TV newscast from January alerted local residents in Batesville, Ind., to watch out for fake alert texts from Indiana Bank and Trust.
"The new game is to send out thousands of these texts to local phone numbers in the same area code as local banks, and hope many are members of that bank and fall for the scam," says Schnitt, who asked listeners to call in if they received the texts. The phones lit up.
Marie Baskerville, member solutions representative at Tampa Bay Federal Credit Union, says the bank was also deluged with calls. "We do want to ensure that members disregard the text message, as it does not come from Tampa Bay Federal Credit Union," she says. "We do use a third party to track transactions for evidence of fraud or suspicious activity. They will contact you by phone, never a text message or an email, so you can verify that phone number before calling back."
She further explained when you call, you may or not be prompted by automated messages to input your account number. If so, you will be transferred to a real person. "We will never ask you for the expiration date or (personal identification number) associated with your card, as we already have that information. We will ask you to list some recent transactions to verify that you are the cardholder and that you made those transactions," says Baskerville.
Here are some tip-offs to the scam.
- Unrecognizable phone number or strange area code.
- Urgent text message or alert.
- Request for personal information beyond the card number.
- Completely automated system.
- You are not a member of the bank contacting you.
The Federal Bureau of Investigation and Federal Deposit Insurance Corp. offer the same identity theft protection warning: If you did not initiate the communication, don't provide any information. If you believe the contact is legitimate, call the financial institution yourself at the main number listed on your card or the company's website, never from a link provided in an email or number provided in a text message.
These scammers are increasingly sophisticated. Have you ever been smished, phished or vished -- and did you fall for it?