Security News > 2022 > April > FBI: Payment app users targeted in social engineering attacks
Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts.
"Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors," the FBI said.
The fake fraud alerts reference the payment amount and financial institution names and ask the targets to confirm if they tried to make instant payments of thousands of dollars.
The end goal is to trick the victims into "Reversing" the fake instant payment transaction by asking them to remove their email address from the payment app and attaching it to one under the attackers' control.
"Believing they are sending the transaction to themselves, the victims are in fact sending instant payment transactions from their bank account to the actor-controlled bank account."
The exchanges between the fraudsters and their victims can span several days, showing the scammers' determination to pull off their social engineering attack.