Scammers using text messages to drain bank accounts in new ploy
A small business owner lost her life's savings when scammers pretending to be Chase bank employees defrauded her out of $160,000. Chase refused to refund any of her money, saying she did not take appropriate steps to protect her account. Experts say the bank should adopt stricter security measures to protect customers. Anna Werner reports.In a stark reminder of the growing threat of financial scams, Deborah Moss, owner of a small catering business, found herself ensnared in a sophisticated bank scam that started with a seemingly harmless text message.
Moss, who had dedicated over a decade to building her business, says she had finally accumulated enough savings to pursue a peaceful life in rural Guerneville, California. But her dreams began to shatter after she received a text message purporting to be from her bank, Chase, inquiring about an unauthorized $35 debit card charge from another state. Initially dismissing it as a minor inconvenience, Moss promptly replied.
Shortly after replying to the text, Moss received a call from someone claiming to be a representative from Chase Bank, with the caller ID displaying the bank's name. On the other end of the line was an individual identifying herself as "Miss Barbara" from "Chase ATM." She requested permission from Moss to issue a new debit card to resolve the alleged fraudulent charge.
Moss says Miss Barbara told her she needed to verify Moss's identity and to do so, instructed Moss to read the numbers from a subsequent text message back to her over the phone.
"And I would just repeat those numbers to her, and she'd say, 'That's great. Thank you so much, Ms. Moss,'" said Moss.
Over the next week, Miss Barbara called Moss several times, each time saying there was a problem with delivery of the card and each time asking Moss to verify her identity by reading back the numbers from subsequent text messages.
It wasn't until Moss visited her nearest bank branch that the devastating truth emerged. A supervisor informed her that her account had been drained, leaving her life savings of nearly $160,000 completely depleted.
"That was all my money. It took me 12 years to get that money, and that was my life savings," Moss said.
Moss' ordeal sheds light on the escalating trend of fraud and the alarming financial losses suffered by Americans, with reported losses reaching a staggering $8.8 billion last year, marking a 30% surge from the previous year, according to government data.
The text messages asking Moss to authenticate her account were authentic: they were sent by Chase Bank as part of its two-factor authentication system, designed to enhance customer security. But the scammers deceived Moss into revealing the numbers to them over the phone, enabling them to bypass security measures and transfer large sums of money from Moss's account. In just one week, they conducted six wire transfers, some as high as nearly $48,000.
Moss filed a police report and submitted a claim to Chase Bank, hoping to recover her stolen funds. However, her hopes were dashed when, after a five-week wait, the bank denied her claim.
Chase Bank appeared to fault Moss, writing her in a letter, "During our review we found you did not take the appropriate steps to protect your account from theft or unauthorized use." Bank officials said they would not reimburse her account, leaving Moss devastated and feeling betrayed.
"My world fell apart. My whole world fell apart," Moss said. "You think of your bank as being some place that you put your money so that it's safe but it's not safe. It needs to change."
JPMorgan Chase provided a statement to CBS News in response, stating, "Regrettably, Ms. Moss's account was compromised as a result of scammers deceiving her and obtaining her personal confidential information."
Chase Bank told CBS News that bank officials had attempted to contact Moss via phone and email regarding the wire transfers at the time. Moss says she did not receive any of these messages. Chase offered the following tips for consumers to remember: Do not share personal account information such as ATM PINs or passcodes. Keep in mind that the bank typically does not initiate phone calls, but if you want to ensure you are speaking with the bank, call the number on the back of your card. Lastly, avoid clicking on suspicious links in texts or emails.
JPMorgan Chase defended its commitment to combating fraud, saying in a statement: "Each year we invest hundreds of millions of dollars in authentication, risk models, technology and associate, client education to make it harder for scammers to trick customers."
David Weber, a certified fraud examiner and forensic accounting professor, believes that Chase Bank bears responsibility for, in his opinion, failing Moss and neglecting to implement stronger security measures.
"Anyway you look at it, they failed. They failed her," Weber said. "The bank could have required her to come in and sign the wire form in person. They left everything for her to be at risk, and now they're saying they bear no responsibility."
He also said that the current two-factor authentication systems, including text messages, are insufficient in combating the increasingly sophisticated tactics employed by scammers.
"This is happening hundreds and thousands of times a day in the United States using the exact same methods here. The two-factor authentication is not strong enough to protect this customer," Weber said.
ADDITIONAL INFORMATION FROM JPMORGAN CHASE:
Threats are changing every day as scams become more sophisticated. As threats evolve, so do our methods to prevent both fraud and scams.We know we cannot thwart these scams alone. It takes an all-hands-on deck approach in partnership with law enforcement, the private sector, and government to help prevent, avoid and prosecute these crimes. Consumers play a critical role too, which is why we continue to educate them about the latest scams so that they can spot and avoid them.
SCAM PREVENTION TIPS:
Protect your personal account information, ATM pins, passwords and one-time passcodes. If someone contacts you and asks for this information, especially if it's someone claiming to be from your bank, do not share it with them.If you want to be sure you're talking to a legitimate representative of the company that contacted you, call the number on their official website.If you want to be sure you are talking to a legitimate representative of your bank, call the number at the back of your card or visit a branchNever click on suspicious links in a text or email or grant anyone remote access to your phone or computer.Do not respond to phone, text or internet requests for money or access to your computer or bank accounts. Banks will never call, text or email asking for you to send money to yourself or anyone else to prevent fraud.To learn more about common scams and ways to protect yourself
