Social Media Scam Requesting Routing Numbers and Social Security Numbers to Make Payments Online
August 16, 2017 – Social media posts and videos are advising individuals that they can use can use certain routing numbers and their Social Security Numbers (SSNs) to make bill payments or purchases online. The inducement in these posts and videos includes statements that the U.S. Government holds funds in secret accounts belonging to individuals that they can access only by using the routing number provided in conjunction with their own SSNs. Initially, the routing number referenced in these posts belonged to the Federal Reserve, which shortly afterward issued a news release.
More specifically, and further to yesterday’s Fraud Alert from ePayResources (dated August 14, 2017), a routing number belonging to a credit union is now being used in new social media posts advising consumers to use it along with their SSNs to make bill payments, or make purchases from Amazon.com. ODFIs and their Originators should consider red flags related to this fact pattern:
- Existing customers that substitute their existing routing numbers with the general credit union’s routing number
- New customers, or existing customers using online payments for the first time, that use the general credit union’s routing number and a nine-digit account number (i.e., the same length as an SSN)
Originators and their ODFIs should be aware that this routing number is a legitimate number, and that there are legitimate transactions that would use this routing number. For these red flags above, however, Originators should consider validating the account number by using a prenotification or other method of account validation. Under the NACHA Operating Rules, in addition to general warranties, an ODFI of a debit WEB entry warrants that the Originator has established and implemented a commercially reasonable fraudulent transaction detection system to screen the debit WEB entry (Subsection 2.5.17.4). ODFIs and their Originators also should be aware that entries to this routing number are being returned using the Same Day ACH processing windows.
Given the nature of this particular incident, it is conceivable that other routing numbers could be cited in new social media posts. RDFIs should consider active monitoring of mentions of their routing numbers in social media posts, similar to how businesses monitor their names for reputation management.
*Article from WesPay Alerts