Scammers are at it again. (Really, they’re always at it….)
We’re seeing a huge increase in fraud relating to remote access to computers and other devices. If you receive an unexpected email, text, or phone call stating something out of the ordinary — and perhaps a little alarming — don’t click on the links or call back: It’s probably a scam. If you respond, the scammer may ask you to let them take control of your computer or device. Once you give them that access, they can see EVERYTHING that’s stored on your computer or device, including saved passwords. (And that’s very, very bad!)
Examples of remote access scams
There are many variations of these scams making the rounds right now. Some start as phone calls from fraudsters pretending to be from law enforcement, the IRS, or Microsoft or Apple, and they try to threaten, bully, and/or scare you into following their instructions. Let’s have a closer look at two examples, so you can recognize them — and not fall for ‘em!
There’s been a charge to your account
You receive an email or text that says something like an iPhone® has shipped and $799.00 is being charged to your account. (Well, that’s a reason to be worried, right?) The email or text has a link and/or a phone number, so you contact them to let them know that you didn’t order anything. The scammer may ask you to log in to online banking to verify that the charge has been made to your account. When you can’t find the (nonexistent) charge, they’ll ask for remote access to your computer in order to “look at your account together to solve the problem.” Unfortunately, after you grant access, the scammer may have your account username and password… and so much more.
Something’s wrong with your computer
You get a call, text, or email stating that there’s a problem with your computer, but if you contact them, they can help you with it. (Who hasn’t had computer issues?) When you respond, the scammer requests remote access so they can help “fix” the computer. Then they’ll have you log in to online banking while they still have remote access. Now the scammer can see anything that’s going on with your computer, and they can log in to your account, transfer money… the whole nasty deal.
What not to do
Scammers may try to coach you through the process of giving them remote access so they can defraud you. (They’re helpful that way.) If you’re using a computer, they may send you to a website to set up remote access or try to walk you through the Windows remote access feature. If you’re on a phone, they may direct you to download an app. (STOP! Don’t do it!)
- Never give anyone remote access to your computer or device
- Never share your username or password for online or mobile banking
- Never log in to online or mobile banking if someone has remote access to your computer or device
You’ve already fallen for it. Now what?
It’s important to act fast to minimize the compromise. Using a different computer or device — not the one that was accessed by the scammer! — change your passwords to online banking, email, social media, and any other important sites you use, especially those that may be linked to your credit or debit cards.
You’ll want to keep a close eye on all of your accounts. We offer a number of things that can help you monitor your accounts. Of course, online banking and mobile banking will give you access to your accounts 24/7/365, so you can see transactions before your monthly statement is available. Our Card Manager app lets you set up alerts to notify you of credit and debit card transactions, and it will let you restrict certain transactions, such as those originating in other countries or over a certain dollar amount.
Contact us right away — especially if you see any questionable transactions! — so we can try to limit any fraudulent activity and guide you to appropriate resources. For instance, we may suggest a credit freeze or steps you should take to protect your identity. (If you’re concerned about identity theft, you may want to take a look at our All-In checking account.)
You’ll also need to get your computer or device looked at by a professional to make sure the fraudster didn’t install malware or tamper with it in any other way. (Don’t use it again until it has a clean bill of health!)
How bad can it be?
As soon as you give a scammer remote access, there’s been damage done — even if you don’t log in to online banking. If you have passwords stored in your browser (you know, the ol’ Remember-me-on-this-device pop-up?), those have all potentially been compromised, depending on your security settings and which device has been accessed. (One silver lining: The scammer may not be able to access stored passwords on a phone that requires a passcode or Face ID.)
It’s also possible that the fraudster installed malware or a keystroke logger or some other malicious crawly thing on your device so he can continue to access it without you knowing.
If you actually did log in to your online or mobile banking, well… the scammer probably has your username and password and may be able to do anything you can do, including transferring funds from your accounts. (Yikes! That’s why it’s so important for you to monitor your accounts and contact us right away!)
We know we said this already, but it bears repeating: Never ever ever give anyone remote access to your computer or device!