Protect yourself against P2P cyber scams
It’s not uncommon for cybercriminals to use digital payments, such as P2P transfers, to steal money from online banking accounts. Anyone who uses technology, such as online banking, can be targeted by a cybercriminal. It pays to protect yourself by understanding how these cyber scams work.
What is a P2P transfer?
Peer-to-peer payments (also known as P2P transfers) are electronic money transfers usually made between individuals. P2P transfers allow users to send money to another person through a linked bank account, credit card or debit card. P2P transfers may be made through mobile apps or through services provided in online banking.
How do P2P scams typically work?
A common goal of these scams is to steal money from bank accounts. The scammers accomplish this by tricking a target into revealing their online banking credentials. Many of these schemes begin with a spoofed text message (a phishing text that appears to be legitimate) aimed at a target. The fake text message appears to come from the target’s bank as a warning about a suspicious payment.
Anyone who responds will soon receive a spoofed telephone call from a scammer pretending to be a representative of the target’s bank. During the call, the scammer will ask the target for their online banking username to “authenticate” them. In the background, however, the cybercriminal is resetting the target’s password on the bank’s website to gain access to their accounts.
If multi-factor authentication is enabled, the scammer will typically say something like “I’m going to send you a passcode. Please read it back to me once you get it.” When the code is provided, the scammer uses it to access the victim’s online banking account.
Once the victim’s online banking account has been compromised, the scammer will use the P2P transfer service within online banking to send money to fraudulent accounts under their control. Some P2P services have authentication protection in place to deter fraud, but cybercriminals use the same tactics mentioned above to trick the victim into approving the transaction. Unfortunately, once the transfer has taken place, it may be difficult or impossible to get the money back.
To protect yourself and your money, remember:
Banks will NEVER call you directly and ask for sensitive information, such as your online banking username, password, or verification code. If you receive any such calls, it is best to hang up and call your bank using a known phone number.
If you are a victim of this scam, or if you notice any unusual activity in your account, call the bank right away to report it.
It is important to immediately change your online banking password to prevent further unauthorized access. Using a strong password that combines uppercase and lowercase letters, numbers, and symbols also makes it more difficult for cybercriminals to guess your password or passcode.