Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something, are increasingly prevalent cybercrime.
We’ve certainly had our fair share of them recently, receiving several fake calls a day. What we have noticed is that most of the scam calls we’re getting these days are automated, and that the calls themselves – just like phishing emails that are trying to cajole you into taking the next step by yourself – are merely calls-to-action, not full-on sales pitches in their own right.
Sure, we still get plenty of cold-calling scammers who phone in person, dive in and try to deceive us – common themes include:
- Providing fake technical support for a non-existent “computer virus” on our home network. Here, the crooks go straight to work trying to get us to give them remote access to our computer as well as to hand over credit card details to pay for fake repairs.
- Offering fraudulent “good news” about a free gift or prize. This ruse attempts to acquire personal details relating to existing accounts, information that is undoubtedly useful to criminals interested in identity theft.
But a significant majority of the phone scams we’re getting these days are what’s usually referred to as “vishing”, short for voice phishing or voicemail phishing.
Here, the criminals use automated techniques that seem to recite a message directly if they think a human has answered the phone, or to wait until the right moment to leave a message if they reach voicemail.
For the vast majority of recent fraudulent calls we’ve received here in the Metro Detroit, the caller’s number has shown up as a Michigan landline, typically with an area code in one of Michigan’s major metro areas.
Those calls that weren’t from landlines have all shown up as Michigan mobile phones – not one of them has been “Unknown” or obviously from overseas.
The theory behind recognizing and reacting to voicemail prompts is obvious: many people understandably refuse to answer calls from numbers they don’t know, and program them to go through to voicemail automatically.
By leaving automated messages in the same way that many legitimate companies do the criminals avoid having to get involved personally at the start.
This not only saves the crooks time, but also – by asking you to make a voicemail choice such as pressing 1 or staying on the line – pre-selects those people who haven’t figured out right away that it’s a scam.
In other words, the crooks have converted what used to be a time-intensive process of cold calling thousands of people into a largely automated system where only those who are already apparently receptive to the scam end up on a call.
It also means that the criminals can use the same sort of synthetic voice technology that legitimate companies do for their “recorded” messages, coming across with an official-sounding voice, typically speaking clearly enunciated English with a local accent.
Of course, the crooks still rely on giving their automated voices a script to recite, so the messages are sometimes – though not always – obviously rogue calls because of the incongruity of a perfectly accented “local speaker” making unlikely grammatical errors.
What to do?
Unfortunately, there isn’t much you can do to stop these calls being made. As far as we know, they’re usually made from outside your country, but show up with a local number used by whichever voice-over-internet provider the criminals use, meaning that the numbers change regularly.
We’d encourage you to report the caller’s number to the relevant authorities, but we accept that this may be too much effort, or require you to give away more personal information than you want, so we’re not going any further than encouragement here. We also recognize that in many countries there is not a lot that the regulators can do to clamp down on vishing criminals who operate from overseas (although if no one says anything, then there is quite literally nothing that the regulator can do because the problem remains invisible).
In the US, report fraud at https://reportfraud.ftc.gov
Our advice on how to spot and stop cyber scammers, including those who use voice and text messaging, is as follows:
- Don’t try. Don’t buy. Don’t reply.
- Don’t let yourself get seduced into talking to the scammers at all. We advise against what’s called “scambaiting” – the pastime of deliberately leading scammers on, especially over the phone, in the hope that it might be amusing to see who’s at the other end. You’re talking to a crook, so the best thing that can happen to you is nothing.
- Contact companies you know using information you already have. If you are worried about a fraudulent transaction, login to your account yourself, or call the company’s helpline yourself.
- Never rely on information provided in an email, or read out to you in a call. Don’t return a call to a number given by the caller. If it’s a scammer, you will not only end up talking to them, but also confirm any guesses (e.g. “you applied for a loan” or “it’s about your Amazon account”) that the scammer made in the initial contact.
- Hang up on unwanted voice calls; don’t return automated voicemail calls; don’t click login links in emails; and if you need to report or investigate a scam or a fraud, find your own way to the company concerned.
BPI helps: (248) 357 – 3980