Double-sided spoofing is an increasingly prevalent social engineering tactic where a fraudster uses spoofing to manipulate both a customer and their financial institution.
The fraudster begins by using tools to spoof the financial institution’s phone number or caller ID and calls the customer, impersonating an employee. The fraudster will request information from the customer. The fraudster then continues by spoofing the customer’s phone number or caller ID and calls the financial institution, impersonating as the customer. The fraudster will attempt to use the information they gathered to convince the employee that they are really the customer. Once they have gained the employee’s trust, the fraudster may authorize a fraudulent transaction or even attempt to gain access to the victim’s online banking account by requesting that their password be reset. The fraudster could even go as far as attempting to take over your account.
Double-sided spoofing is particularly dangerous because the fraudster carefully works both sides of the conversation, whereas one side might more easily catch on and become more suspicious if the fraudster’s efforts were fully concentrated on them. Traditional spoofing usually focuses on one side, but by exploiting both sides, fraudsters elevate their tactics, increasing the likelihood of success in executing the scam.
If you receive an unsolicited phone call from someone saying they are an employee with Exchange Bank and you are suspicious, please hang up and call us directly at 256-547-2572 to ensure you are speaking with us. Also remember that Exchange Bank will never call and request you to provide information, only to verify existing information.
