Fake Refund APP Scams Steal Banking Info, Cash
January 13, 2025
Who wouldn’t love a message from their bank about a hefty refund coming their way? Most of us would, and that’s why this latest refund scam is, well, breaking the bank. It’s called “authorized push payment” (APP) fraud, and trusting consumers are handing their most sensitive banking information to fraudsters. Here’s what to watch for with these latest scams.
A recent example of an APP scam, customers of NatWest bank received a message saying a big refund was due to them. An included link brought users to a credible looking, but copycat website stealing their username and password, physical address, customer or payment card number, mobile number, and other account details. Instead of the promised refund, the only gift is giving scammers enough PII for financial and identity theft.
APP Scam Promises
APP scams make big promises but they’re really another form of phishing. With stolen PII in hand, fraudsters make legitimate or “Authorized” withdrawals from the bank. The “Push” part comes from bogus push notifications from a user’s banking app—even if the app isn’t being used. The “Payment” part of this fraud happens when the scammer authorizes the payment to themself. At that point, all but the scammer has been duped by APP fraud.
Although the NatWest APP scam happened in the UK, they’re not the only bank being targeted. And when a particular scam has success elsewhere in the world, there’s no reason it won’t spread to the U.S. next.
We all have the option of turning off an app’s push notifications. But one of the smartest answers to an unexpected message is not responding, including not following links or opening attachments. Next up, directly contacting the business yourself and not using what the message provides. That’s when you’ll find if the push notification is for real, including the promised refund. One way or the other, you’ll be glad you played it safe with APP fraud.
SUBSCRIBE TO WEEKLY NEWSLETTER
