SMS Phishing + Cardless ATM = Profit

Cardless ATM's are a new feature being used by banks that allow their customers to withdraw cash from an ATM using their phone. Attackers are pairing that functionality with SMS phishing attacks that are falsely notifying users that their accounts have been locked. The provided link takes the user to a mimicked website and prompts the user for their login credentials. Once the attacker has the user's credentials, they can initiate a withdrawal at an ATM and scan the QR code to acquire the funds. It is recommended to remind customers to never respond to personal finance text messages or emails.


Relevant URL(s): https://krebsonsecurity.com/2018/11/sms-phishing-cardless-atm-profit/