PNC Bank is warning its customers of an uptick in phishing, vishing and smishing scams targeting them under the guise of “unauthorized activity” communications.
An old cybersecurity scam has been given a fresh coat of paint— now with threat actors targeting PNC Bank customers under the facade of helping with fraudulent activity on their bank accounts.
The communications are being deployed by phishing (email), smishing (text) and vishing (phone)—all methods in which scammers contact people to steal personal information—in this case, online banking credentials and social security numbers.
“Some cybercriminals have shifted their approach and are targeting consumers directly through known and trusted channels of communication. One such scam involves fraudulent outreach via text, e-mail or phone calls,” said a PNC spokesman. “These communications appear to be initiated by PNC, but instead are being sent by a fraudster in hopes of obtaining customers’ personal or account-related information.”
As with other scams, the strategy isn’t groundbreaking, but results are effective enough that scammers continue to deploy these types of campaigns on consumers and financial institutions.
How To Identify Cyber Scams and Protect Your Data
In terms of cybersecurity, the adage of “the best offense is a good defense” rings especially true. Below are a few tips from the Schneider Downs cybersecurity team to help you identify these types of scams and protect your personal information.
- Avoid Malicious Websites – If you are directed to a website, verify that the website is legitimate by reviewing the URL and typing in the address itself versus clicking on link(s) provided to you.
- Be Wary of Urgent Narratives – One of the top warning signs you are receiving fraudulent communication is an urgent tone to the message. In most cases the communication says something is very important with dire consequences (i.e., your account will close, or you will owe $$$) with the only remedy to provide private information immediately or by clicking on a link to resolve the concern. Report and ignore these communications.
- Do Not Answer – The easiest way to avoid identity fraud is to simply not answer or respond. If you receive unsolicited communications, chances are it is a scam. You can always call the verified customer service number on the back of your card or visit the local branch to validate information.
- Do Not Click on Links – If you receive an unsolicited email or text, do not click on the any of the links. These links may install malware or lead you to a website that’s been set up to steal your information.
- Do Not Provide Personal Information – While some organizations allow you to provide your social security and account numbers for access, if the communication is unsolicited, avoid providing this type of private information. In its recent alert, PNC Bank makes it very clear that they will never ask for mobile/online banking passwords.
- Only Use Verified Contact Information – Scammers are smart, to the extent they have fraudulent “customer service” agents waiting for you to call imposter numbers or email bogus accounts. Always verify you are contacting the correct number by looking at the back of your card or statements.
- Review Your Financial Statements – Look at your statements for any unauthorized or suspicious activity and speak to the appropriate contacts if you find fraud.
What If You Took the Bait?
If you are a PNC customer who believes they have been targeted or provided information to a scammer, PNC recommends immediately changing your online credentials, e.g., your password, and contacting the bank directly at 1-888-762-2265 (888-PNC-BANK).
You can also forward suspicious emails and/or screenshots of fraudulent text messages to [email protected]. To read more about banking scams, go to https://www.pnc.com/en/security-privacy.html.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected].
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.
