AP NEWS

Fake KeyBank texts are being sent to NE Ohio consumers: Money Matters

August 1, 2018

Fake KeyBank texts are being sent to NE Ohio consumers: Money Matters

Q: I got a text message from KeyBank about doing something to keep my account active, but I don’t have a KeyBank account. Where can I report this bogus text message?

W.T., Cleveland

A: I learned a new term this week: Smishing. We’ve all heard of phishing, which generally refers to emails that seem to come from a bank or credit card company or retailer and urge us to click on a link in the email to avoid something bad or get something good.

These fraudulent text messages are so prevalent now that companies call them “smishing,” which is short for SMS phishing. (SMS refers to text messages.)

Folks all across Northeast Ohio have been getting peppered with these fraudulent Key text messages for at least the past couple of months. That makes sense: Key is the largest bank in Greater Cleveland, with about 22 percent of money that locals have on deposit. So scam artists sending out mass messages probably have a more than one-in-five chance of hitting a genuine Key customer every time they send out a message.

But as you quickly realized, because you don’t have a Key account, the messages are nothing more than an attempt to scare people into clicking the link and entering personal information, which the thieves will then use for fraudulent purposes.

KeyBank’s fraud department is trying to combat the problem.

“It pays to be a bit of a skeptic any time you receive a communication from someone claiming to represent a bank,” said spokeswoman Drez Jennings. “Generally speaking, scammers will use email, text or telephone call to contact banking clients with an urgent message about account status.”

She noted that people who respond to texts, emails or calls typically will be asked to provide account information such as account numbers or passwords, or even personal identification information such as Social Security numbers.

“In this case, there’s a message urging recipients to take immediate action to maintain access to their accounts,” Jennings said. “We’re seeing messages such as ‘Contact us to avoid having restrictions placed on your account’ and ‘Update your account with us to avoid having restrictions placed on your account.’”

The link that many folks are receiving would take you to a page that resembles a login page for KeyBank online banking. But it is not legit, Jennings emphasized.

People are asked to enter their username and password. “If they do, scammers use the information to try to log into your account,” she said. And if they can log into your account online it means someone can move money out of accounts and obtain credit card account numbers.

“We advise anyone – KeyBank client or not – to exercise caution whenever they receive an unexpected communication – text, email or phone call from their bank,” she said.

KeyBank customers who want to verify suspicious calls, emails or text messages before they click on links or return messages can call Key customer service at 800-539-2968 (800-KEY2YOU).

In addition, people receiving this particular fraudulent text message can report the message to KeyBank by taking a screenshot of the text message and sending it in an email to reportphish@keybank.com. Once that’s done, people should delete the text message, Jennings said. If they can’t take a screen shot, they should write down what it says, and include the questionable URL, and send that information in an email to reportphish@keybank.com

Further, anyone who is genuinely a Key customer and responded to this or similar messages and entered any account or other personal information should immediately contact KeyBank’s fraud and disputes hotline at 1-800-433-0124.

Jennings said customers can get “peace of mind” by setting up account alerts and using online banking to keep tabs on account activity. Virtually all banks offer alerts of some type. You generally can choose to get text message or emails if, for example, a withdrawal or purchase over a certain amount is made, or if a new bill pay recipient is added, or if your balance falls below a certain amount.

Consumers can also get alerts if someone (including themselves) signs into an account from a different computer or phone. And consumers can sign up for two-step authentication. This would require anyone trying to log in from an unknown computer or other device to enter a special code sent to the phone number or email address the bank has on file. If that one-time code isn’t entered, the log in won’t be accepted.

In general, these attempts to steal our information by tricking us are rampant. They wouldn’t continue if they weren’t successful a small percentage of the time. I urge people who receive a phone call, text message, email or letter that appears to be from a company we do business with and asks for action to be taken -- by providing any information -- to just stop before they do anything. Don’t return the number left on the voicemail. Don’t click on the link.

Instead, call the phone number on the back of your ATM or credit card or bank statement. Or look up the phone number independently. Or in the case of retailers such as Amazon or eBay, go to the log in page you use to access your account. Don’t click on links provided.

AP RADIO
Update hourly