January 20, 2021

Don't Fall for These Two Phone-Related Scams

Cyber Security Fraud Prevention

Any time there's trouble in the world, such as COVID-19, you can expect fraud artists to emerge. Scammers read headlines, too. Posing as charity fundraisers, bank representatives and government agents, scammers will use any angle to get people to hand over hard-earned assets. Coronavirus-related scams had cost Americans more than $70 million by June 25, 2020, the Federal Trade Commission (FTC) reported.

The good news it that most threats are easily thwarted with a good defense. Remember, it's unlikely the scammers are specifically targeting you (although it doesn't feel that way); they cast a wide net looking for low-hanging fruit. A healthy dose of skepticism combined with easy-to-implement security measures can put you back in the driver's seat.

Scammers exploit highly stressful moments by injecting even more emotion, both positive and negative. Over the phone, they'll threaten arrest, warn of lost opportunity, or take the role of the earnest good guy just trying to save you future headaches by acting now. Many of the most common scams have been around for a while; however, some emerging tactics may be surprising, especially now that information is so publicly accessible online.

The case studies below are based on real-life scams reported by federal authorities and information security experts.

Appearances can be deceiving

While caller ID seems reliable, there's no guarantee what shows up on your phone is accurate. "Caller ID spoofing" can make it seem like you're getting a call from any number, regardless of where it originated.

Chelsea was skeptical when her credit card company called to inform her of a problem, but the service representative knew her name, date of birth, address, and recent purchases. Since everything seemed to check out, Chelsea cleared up the supposed issue and went on her way.

But a nagging feeling remained. She called back and learned "she" had apparently ordered a refund for overpayment of roughly $2,500. Luckily, the card issuer's policy was to mail a check, rather than deposit it in another account, but Chelsea made sure to keep an eye on the mailbox until it arrived.

Turns out the criminals had spoofed the phone number of the card issuer when calling Chelsea, then spoofed Chelsea's number when calling the card issuer. And because of lax data security at the card issuer, the scammers found out Chelsea's last three transactions with just the telephone number as confirmation, giving the scammers credibility when they spoke to her, but not access to her entire account.

So, as the actual card issuer representative asked questions to the scammers to establish their identity as "Chelsea" to access the full account, real Chelsea was providing those answers to the scammers, allowing them to complete the impersonation and order a refund.

Scam defense

Hang up. Call back using the number on the company's website or the back of your card to ask questions and verify the previously stated issue or account hold. At the cost of a little hold music, you can resume your business if the call was legitimate.

Be aware. Information you believe is confidential may actually be available online, including information you post on your own social media. Financial data leaks, breaches, and security failures have become all too common. Know what could be out there and defend your information with unique passwords for each account. There may also be more information about you in voter registrations, county records, traffic tickets, and other open government sources than you'd suspect.

Enable multifactor authentication on all accounts - especially for your mobile carrier, financial institutions, and email.

One little number

Bill was selling antique Shaker-style chairs online when he got a text expressing interest. After a brief negotiation over price, the person texted they wanted to verify Bill was a legitimate seller. He was told he would receive a six-digit confirmation number and to repeat it to the potential buyer.

Moments later, he received a text message containing six digits from an unknown number. As a savvy seller, he immediately stopped responding to this "buyer," knowing that had he given up the digits, he would have given away the keys to his electronic identity.

While the scammers were texting him, they were also hitting the "forgot my password," button on one of his online accounts, likely his email account, which is a common starting point for scammers. With that number, they would have been able to change his password and telephone number associated with his account.

From there, the scammers would have quickly commandeered his email account and gotten access to his many online service accounts, repeating the "forgot my password," trick then using the hijacked email to verify identity and use that information to access his finances.

Scam defense

Think critically when asked for personal information. Does the request make sense? Can it be verified independently? There's no reason to text a verification number you received by text. Instead, you should be the one requesting verification numbers to access a website or account.

Keep your phone locked with a PIN or other security measure. A stolen phone can be used to hijack many of your online accounts.

Secure existing accounts and consider creating an email address to use while buying or selling online to thwart low-effort scamming attempts.

Again, enable multifactor authentication on your essential accounts.


Sources: FBI; FTC; krebsonsecurity.com; USA Today; ABC13 Houston KTRK-TV; The Washington Post