PNC Bank is warning its customers of an uptick in phishing, vishing and smishing scams targeting them under the guise of “unauthorized activity” communications.
An old cybersecurity scam has been given a fresh coat of paint— now with threat actors targeting PNC Bank customers under the facade of helping with fraudulent activity on their bank accounts.
The communications are being deployed by phishing (email), smishing (text) and vishing (phone)—all methods in which scammers contact people to steal personal information—in this case, online banking credentials and social security numbers.
“Some cybercriminals have shifted their approach and are targeting consumers directly through known and trusted channels of communication. One such scam involves fraudulent outreach via text, e-mail or phone calls,” said a PNC spokesman. “These communications appear to be initiated by PNC, but instead are being sent by a fraudster in hopes of obtaining customers’ personal or account-related information.”
As with other scams, the strategy isn’t groundbreaking, but results are effective enough that scammers continue to deploy these types of campaigns on consumers and financial institutions.
How To Identify Cyber Scams and Protect Your Data
In terms of cybersecurity, the adage of “the best offense is a good defense” rings especially true. Below are a few tips from the Schneider Downs cybersecurity team to help you identify these types of scams and protect your personal information.
Avoid Malicious Websites - If you are directed to a website, verify that the website is legitimate by reviewing the URL and typing in the address itself versus clicking on link(s) provided to you.
Be Wary of Urgent Narratives - One of the top warning signs you are receiving fraudulent communication is an urgent tone to the message. In most cases the communication says something is very important with dire consequences (i.e., your account will close, or you will owe $$$) with the only remedy to provide private information immediately or by clicking on a link to resolve the concern. Report and ignore these communications.
Do Not Answer - The easiest way to avoid identity fraud is to simply not answer or respond. If you receive unsolicited communications, chances are it is a scam. You can always call the verified customer service number on the back of your card or visit the local branch to validate information.
Do Not Click on Links - If you receive an unsolicited email or text, do not click on the any of the links. These links may install malware or lead you to a website that’s been set up to steal your information.
Do Not Provide Personal Information - While some organizations allow you to provide your social security and account numbers for access, if the communication is unsolicited, avoid providing this type of private information. In its recent alert, PNC Bank makes it very clear that they will never ask for mobile/online banking passwords.
Only Use Verified Contact Information - Scammers are smart, to the extent they have fraudulent “customer service” agents waiting for you to call imposter numbers or email bogus accounts. Always verify you are contacting the correct number by looking at the back of your card or statements.
Review Your Financial Statements - Look at your statements for any unauthorized or suspicious activity and speak to the appropriate contacts if you find fraud.
What If You Took the Bait?
If you are a PNC customer who believes they have been targeted or provided information to a scammer, PNC recommends immediately changing your online credentials, e.g., your password, and contacting the bank directly at 1-888-762-2265 (888-PNC-BANK).
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.