Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams.
Cybersecurity firm BioCatch recently issued a report in which they found that digital scams targeting banking customers in the United States and Canada increased by 1,000 percent during the first three quarters of 2024 when compared to the same period for 2023.
Rather than use sophisticated hacking techniques to rob banks, scammers find it is easier to use social engineering to psychologically manipulate people into either paying them directly from their bank accounts or providing information that allows the criminal to directly access the victim’s account.
Let’s start with an important premise – anyone can fall for a scam. One reason that we are all susceptible to being scammed is that often fraudsters appeal to the amygdala, a part of the brain often called the reptilian brain. This part of the brain regulates many functions including instinctual behaviors related to survival. And while humans have evolved more advanced brain regions such as the neocortex, which is where sophisticated thinking and complex cognitive functions are performed, the reptilian brain still plays a critical role in behavior and decision making, particularly as it relates to emotional responses. Scammers are particularly adept at appealing to these emotional responses to manipulate their victims, exploiting our tendency to act impulsively without taking the time to rationally consider what is going on.
These fraudsters create a sense of urgency targeting the reptilian brain. For instance, you may receive a phony message alerting you that your bank account is being taken over by a criminal and asking you to provide your account information to “prevent” dire consequences.
Other times the scammers will pose as law enforcement, the IRS, or some other government agency and frighten you into believing there is some sort of emergency that requires you to transfer funds from your bank to a safe account.
For example, Rachel Smith of Nashville, Tennessee, received a call purportedly from a border patrol officer in El Paso, Texas, who told her that they had seized a package containing illegal drugs that appeared to have been sent by her. She was then told that they understood that someone was using her name for illegal purposes, but that in order to protect her money she should withdraw all of the money in her bank account and deposit it into a Bitcoin ATM account provided by the phony federal officer. She was then told that she would be getting a call from a DEA officer to arrange for her to pick up a check for her money the next day. The call, of course, never came, and the money she turned into Bitcoin was lost forever.
Another banking scam involves the Peer-to-Peer (P2P) payment service Zelle, which is used by many people to quickly and conveniently send money electronically from their credit card or bank account. Zelle is an app created by the company Early Warning Services (EWS), which is owned by seven of the biggest banks in the United States, including Bank of America and Capital One. Presently 2,400 banks and credit unions offer Zelle as a service. Sending money through Zelle requires only that you enter the recipient’s phone number or email address.
Unfortunately, Zelle has proven to be easily exploited by scammers, who lure their victims to pay for worthless or nonexistent items. Unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. Criminals can also con their victims into providing Zelle usernames, passwords, and PINs to take over their victims’ bank accounts through their Zelle accounts.
To protect your Zelle account from being hacked, use a PIN or other dual factor authentication. Also, never provide your username, password, or PIN in response to any email, text message, or phone call. If you are worried there is an actual problem with your bank account, call your bank at a telephone number you know is accurate.
You should also make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, your other accounts will not be in danger. If your information is compromised in a data breach, you should immediately change the password for that account.
Finally, the best protection is skepticism. Never provide personal information or make a payment in response to an email, text message, or phone call unless you have absolutely confirmed that the communication is legitimate.