Warning on New Bank Scams Targeting Online Accounts in North America

VTB has announced a new scam scheme aimed at gaining unauthorized access to a customer’s online banking, a development highlighted by DEA News through the bank’s press service which stresses vigilance across all customer touchpoints. The pattern in these incidents shows a notable rise in scam activity where attackers attempt to persuade customers that their online banking access must be blocked or suspended, often creating a sense of urgency that pushes victims toward quick, reckless decisions. In many cases, the attackers pose as legitimate bank staff, contacting customers under the guise of a routine security check or a routine servicing action, which can be convincingly executed through familiar channels such as phone calls, SMS messages, or even social engineering on messaging platforms. The bank’s report emphasizes that the scammers target people who are believed to be potential customers of the bank, but they do so by exploiting a supposed need to restore or protect access to banking services after a suspicious event. This method is designed to pressure victims into divulging sensitive information or authorizing actions that should instead be validated through official channels. The attackers might instruct the victim to provide a password received via a text message that is claimed to be necessary for restoring the service, implying that the SMS contains a code or credential that will unlock or reestablish access. The core danger is that the password, once obtained by the criminal actors, can be used to log into the victim’s account, approve an online loan, or initiate transfers that divert funds to the attacker’s own accounts. The press service of VTB urges customers to treat any unsolicited request for credentials with extreme caution and to terminate the call immediately, preferring direct contact through verified, official channels listed on the bank’s legitimate website or printed materials. The key message is simple: if a caller claims to represent the bank and asks for a password or a verification code, the safest response is to hang up and contact the bank through known, confirmed contact points to verify the situation before taking any action. This precaution helps prevent fraud that could lead to unauthorized withdrawals or the completion of loan applications without the customer’s informed consent. A related note from the bank’s safety posture highlights the broader context of social engineering risks, where criminals use fear, urgency, and authority to manipulate victims into sharing security-sensitive information. In practice, customers are advised to pause, verify, and report suspicious activity to the bank’s fraud prevention desk rather than reacting to a hurried phone call or a message that appears urgent but lacks verifiable backing. The bank further explains that attackers may seek to impersonate call center staff, presenting a veneer of legitimacy during a fleeting interaction that aims to deceive the unwary. The recommended response is to ignore the impulse to act immediately, to independently authenticate the caller’s identity, and to rely on official channels rather than the information supplied during the call. In related, yet separate cases documented by law enforcement and public health sector authorities, there have been instances where scammers have used similar tactics to pressure staff or students into transferring funds or sharing sensitive data. One such incident involved an employee who received a phone call from someone claiming to be a government health department representative, followed by threats of dismissal or other disciplinary action unless a substantial sum was transferred to a designated account. The organization involved later clarified that these threats and monetary requests were not sanctioned by any official department and urged recipients to report the incident to the institution’s security office for further investigation. The overarching lesson from these events is that legitimate institutions will never demand urgent transfers or disclose sensitive access credentials over unsolicited calls or texts. Customers should verify requests through the official customer service channels published by the institution, ideally using a separate device or line to confirm the request, and never share passwords, one-time codes, or security questions in response to a cold inquiry. The collective guidance from financial institutions and security authorities underscores a practical framework for reducing risk: stay calm, validate, and escalate when in doubt. By maintaining a healthy skepticism toward unexpected prompts and by leveraging trusted contact points, customers can shield themselves from efforts to exploit online banking systems. In every case, the emphasis remains on clear, verified communication that aligns with documented security procedures rather than hastily following instructions from unfamiliar voices on the phone or from messages that create a false sense of urgency. The broader takeaway for individuals is to adopt a disciplined approach to online banking security that encompasses routine verification, secure channel usage, and prompt reporting of suspicious activity to the right authorities. This proactive posture helps preserve financial integrity and reduces the likelihood of successful fraud attempts, reinforcing the importance of ongoing awareness and vigilance across all digital banking interactions. [Source: DEA News] [Attribution: Pirogov Institute incident referenced for context]