I recently received a request for information by text from my bank, and I immediately thought that it was fake. This is the third text that I’ve received from them, but there was something about this one that did not sit right with me. The other two texts were notification texts and they did not ask for any personal information. But this one was requesting that I forward information to an email address. Here is the text:
“XXXXX Bank requires proof of your property insurance. Please send to firstname.lastname@example.org within 30 days. For financing info call 1-866-XXXX.”
With all of the fraud schemes (COVID-related and otherwise), I have become very suspicious of these types of requests. The day prior, I received a call (purportedly) from a cell phone company telling me about a new offer that they could deliver right to my door. That raised my fraud alert sensor, and I was not going to be scammed by anyone through my actions. So when this text message came through, I paused and thought about whether I should ignore it or research it further.
Why I Flagged This Text Message as a Scam
I had already made up my mind that I was not going to send any information to a strange email address or call any suspicious number. In my post-COVID eyes, it was a scam. The only way that I would take action was if I received an official letter from the bank outlining the same request for information. And even then, I would have to speak to someone in the bank, face to face.
The message, though short, raised several red flags for me.
1. The Request Was Sent by Text
Seeing that the bank said that it would never send such requests by text, this was my first red flag. If this was a legitimate request for information from a bank, would it be sent by a text message and not an official letter? My research has shown that financial institutions should not request this type of information using SMS text messages.
2. It Was a General Text
The fact that this text did not address me by name was strange. It is very common for scammers to use general email greetings such as “Dear Customer” or “Dear Client”, and not address the customer by name. In official correspondence, banks usually address customers by name or may reference digits in the client’s account number.
3. It Asked For Personal Information
This was yet another violation of the fraud advisory. The message was a direct request which asked me to send personal information to an email address. Many banks caution against providing sensitive information in response to unsolicited requests.
4. The Information Should be Sent to an Email Address
This was another big flag for me because in addition to asking for personal information by text, the message instructed me to send the information to a suspicious email. The email address was not familiar. Although it included the bank’s domain name, the address was not necessarily straightforward.
5. The Message Included a Deadline
Many bank scams use deadlines to scare unsuspecting customers into handing over information quickly. Even though the deadline in the message was 30 days, it was still suspicious with the other factors considered.
6. The Number Listed Was Unfamiliar
The text message also included an instruction to call a 1-866 number for “financial info.” My research revealed that this is a toll-free number and there have been lots of scams surrounding these numbers. This raised another flag because if I want to obtain “financial info”, I will call a local number.
7. My Product Does Not Require Property Insurance
This was the biggest red flag of them all. I have a product from this bank, but it does not require property insurance. If this was indeed from my bank, they would know what products I have. Why would a legitimate request ask for something that’s not required? That’s why I thought this was a scam.
My Response to the Request for Information
In hindsight, sending an email to suspected scammers was definitely not a good idea. However, I wanted to confirm the authenticity of the request. If this was a breach of some sort, it could potentially impact thousands of customers in the Caribbean.
I sent an email to the address listed in the text message (a big no-no), and asked the following questions:
- Is this a legitimate request?
- If this is a legitimate request, why was it sent by text and not communicated with an official letter?
- Why is this information required?
- Who is the contact person that will receive this information?
The Response Received
This is the response that I received on the next business day:
“Thank you for your query and response as I will provide answers accordingly.
- The request is legitimate,
- Due to the importance of the Property Insurance, with the speed at which information is communicated via social media and also it clearly being the way forward, that platform was used.
- The information is required as we need to make sure our interest (property being collateral) is protected.
- The information may be forwarded to this mailbox, where myself and my colleagues will process it but you can also forward it to your lender if you feel more secure doing so….”
There was also an email signature which listed the person’s name, job title, and contact number.
What Should I Do Next?
I toyed with the idea of sending an email in response to what I received. I wanted to explain the risks of sending such requests by text, even though it’s convenient, speedy and affordable for the bank. In terms of what was requested, I would have asked them why I was asked to provide property insurance for a product that does not require it. If your “interest” is so valuable and you want to ensure that it’s protected, you should have a clear idea of said “property” and which clients such requests apply to.
However, I called the number and told the guy which product I had and he said that the property insurance documentation is not required. All the welps that welped. This raised even more questions about the bank’s operations and whether or not they are being managed properly. I have resolved to stay on top of developments with this bank, because this is a major operational fail.
How to Deal With Text Message Scams
If you receive a suspicious text message that includes a request for information, do not action it. Instead, you should take the following steps to keep your information, money and assets safe:
1. Do Not Click
Do not click on any of the links in the message received. Oftentimes, these links hide malware or code that can make it easy for scammers to hack your phone and steal your personal information.
2. No Personal Information
Banks do not and should not request personal information via social media, phone or email. Ignore the request until you get a letter from them asking for the information. Personal information includes your account number, social security number and addresses.
3. Contact Your Bank
Before you act on any request, whether legitimate or otherwise, call or visit your bank first. Explain the nature of the request and ask them to confirm that the request is legitimate. Do not contact any of the email addresses or numbers listed in the suspected scam notification.
4. Take Your Time
If you receive a suspicious request and it requires an immediate response, pause. The aim of these messages is to throw you off guard, so that you make a hasty decision. Instead, take the time to thoroughly research the authenticity of the message. If it really is from your bank, they will give you time to get the matter sorted out.
5. Report the Message
When you have received confirmation that the message is a scam, make an official report to your bank. Banks and other financial institutions have dedicated fraud departments who will research fraud requests. Additionally, there may be consumer bodies who can also research the scam and send out alerts to the public.
A few days later, when writing this article, I checked the bank’s website to see if I could find any information about their communications. Funny enough, the following fraud advisory appeared in a banner on the front page:
“Fraud Advisory: XXXXX Bank will NEVER telephone or send email or text messages to our clients requesting you to update or provide personal and account information such as user ID, password, or account numbers.
XXXXX Bank will also NEVER send a link embedded in an email requesting a client’s User ID or password.
If you receive an email purporting to be from us and you are unsure of its legitimacy, contact us at email@example.com or call us at 1-866-XXXX.”
For further reading on bank scams and how you can protect yourself, please visit the following links:
A Scam‑Spotters Guide: Ten Things Your Bank Will NEVER Do – But Cybercriminals Will (We Live Security)
Why you should never trust a text from your bank or a call that appears to come from the correct number… You could lose your life savings (This Is Money)
How To Identify a Text Scam (Simple Texting)