Keeping your hard-earned money and personal identity secure is our top priority. While we constantly run sophisticated monitoring systems behind the scenes, fraud tactics are changing rapidly. Criminals are finding new, hyper-polished ways to trick people into giving up access to their bank accounts.
An Account Takeover happens when a scammer gets a hold of your usernames, passwords, or personal details and pretends to be you. Once they gain access, they change your settings, request new PINs, or update your phone number so they can steal funds without triggering standard alerts. Below is a breakdown of the specific tactics being used today, along with exactly what you can do to keep your finances safe.
1. The “Fake Bank Employee” Phone Call
Scammers are currently running highly coordinated phone and text campaigns where they pose as a bank’s fraud department.
- The Bait: You receive a call that looks perfectly legitimate on your caller ID, showing our bank’s name and a local area code. The caller claims they are investigating a fraudulent charge on your card.
- The Hook: To “verify your identity,” they read the first six digits of your card back to you. (Note: These numbers are public information and are common to almost all cards from our bank). They will then ask you to give them the remaining numbers, your card PIN, or a digital verification code.
- The Goal: They want to add your card to a digital wallet on their phone or gain access to your mobile banking app. In some extreme variations reported nationwide, scammers have even offered to send a “courier” directly to a customer’s home or workplace to pick up an allegedly compromised physical card.
| Our Absolute Promise to You: We will NEVER call or text you out of the blue to ask for your password, full Social Security number, PIN, or a temporary one-time passcode. Furthermore, our bank will NEVER send an employee or courier to your home or office to collect a payment card. If your card is ever compromised, we will simply issue a new one and ask you to destroy the old plastic yourself. |
2. Text Messages and Emails Designed to Blind You
Phishing emails and “smishing” (SMS text scams) look significantly more professional than they used to. Scammers now build flawless copies of bank login portals and use web address shorteners like TinyURL to hide malicious links.
More dangerously, these scams are designed to interfere with your actual fraud notifications. A scammer might text you out of the blue with a fake transaction alert and tell you to reply “No Fraud” or forward them a one-time passcode to cancel it. Doing this essentially blinds our actual automated system, giving the criminal the green light to take over your account.
3. The “eSIM Swapping” Tech Exploit
Fraudsters are increasingly targeting mobile phones directly through a method called eSIM swapping or eSIM hijacking. They trick cellular network operators into transferring your active phone number over to an embedded SIM card inside a phone they control.
If they succeed, they will instantly begin receiving all your incoming texts and calls—including the text-message security verification codes linked to your bank account.
| Mobile Warning Sign: If you ever notice your mobile phone suddenly loses all cellular service or says “SOS only” unexpectedly while you are in a normal coverage area, contact your mobile carrier immediately. This is a major indicator of a phone hijack. |
4. Silent Device Infections (Malware)
“Man-in-the-Browser” attacks occur when malicious software is silently downloaded in the background while you visit a compromised website or click an unsafe link. This software runs quietly, monitoring your web sessions. When you log into your online banking, it hijacks the active session to harvest your password or manipulate funds, while simultaneously showing you a fake “error page” so you don’t realize what happened.
Your Security Checklist: 6 Steps to Secure Your Finances
1. Hang Up and Dial Us Directly: If you get a text, call, or email warning you about a suspicious transaction and you aren’t 100% certain it’s real, do not engage. Hang up and call the customer service number printed directly on the back of your debit or credit card, or visit our official website. Never call a phone number provided in a suspicious text message.
2. Never Reply “No Fraud” to an Unknown Charge: If you receive a text alert about a charge you don’t recognize, never reply “No Fraud” just because an automated voice or text instructs you to do so. If you don’t recognize it, always report it as fraud, or call your local branch.
3. Guard Your One-Time Passcodes: Temporary security codes sent via text or email should only be entered by you on a secure login page. They should never be read aloud or texted back to anyone, even if the person on the phone claims to be from our bank.
4. Secure Your Mobile Banking Apps: Always sign completely out of financial apps when you are finished using them. Enable biometric protections—like fingerprint or face recognition—or an explicit app PIN. This ensures that even if someone physically holds your device, they cannot access your accounts.
5. Keep Your Devices Updated: Ensure your computer and smartphone operating systems, anti-malware software, and web browsers are set to update automatically. Keeping software up-to-date is your strongest shield against background malware downloads.
6. Check Your Credit Annually: Request a free copy of your credit report once every year from the three primary agencies via annualcreditreport.com to verify no fraudulent loans or cards have been opened using your identity.
We are fully committed to protecting your assets and your peace of mind. If you suspect you have inadvertently shared your banking details, clicked a suspicious link, or believe your account has been accessed, please contact our local branch support immediately so we can secure your funds.
Getting Help:
If you ever feel a transaction is suspicious or believe your account has been compromised, please call us immediately at 215-860-9100, or stop by your local branch.
We hope you find these tips helpful. If you have any questions or need assistance, please don’t hesitate to give us a call. Stay safe and secure! For more information to protect yourself from cybercrime, visit The First’s Security Center and review our latest cybersecurity blog article on New Zelle® Scams to Watch For.
