Phone Scams: What You Need to Know
You know what really sucks? When bad actors use the awesome technology of today in order to trick us into doing their bidding. The worst part about all this is that the more technology progresses, the easier it becomes to set up some sort of scam to get something out of people and scammers have tricked Americans into losing billions of dollars. 2023 is still going on and hard data is scarce, but let’s take this example: ever since 2018. And a recent study showed that some of the most popular US carriers are being used by scammers in order to target US citizens. The great news is that authorities of all shapes, sizes and origins have noticed and there’s actually numerous things going on in order to reduce the rate of cybercrime in the US. That being said, those rates are still pretty high. So we decided to lend a hand and help out through the power of information! Because, as G.I. Joe said: knowing is half the battle. But just in case you don’t trust a children’s cartoon: . And in the case of phone scams, it is absolutely true.
What are “phone scams”?
Well, that’s when a bad actor gets in touch with you over the phone and then tries to get something out of that exchange, without any substantial reason for them to expect that. As you might know, however, phones have become pretty capable. As such, “getting in touch” can mean a number of things and scammers are prone to using all of them. So, if we have to be technical, then phone scams can be put into three categories:
- Call scams
- SMS scams
- Email scams
Now, I know that some of you may disagree regarding the last bit, so I’d like to raise this reminder: most of us have phones and all phones, regardless if it’s an iPhone 15 or a Galaxy S23, literally come with an email address as a requirement for you to use them. So, while at first glance it may appear as if the only difference between these three is the means of contact, that’s not actually the case. Because the type of communication defines what tactics the scammer can use against you. Even if they are technically the same tricks, they can look and feel different depending on the means of communication. And if that’s the case, we can’t really go on without specifying said tricks!
The tools of a scammer’s trade
Social engineering: the art of convincing people to do things
Pressure: the key ingredient to get you to act on the convincing part
Spoofing: a technology used to change the displayed caller ID
Imposter schemes: scammers pretending to be someone else
Trusting that you won’t do anything about the scam even if you don’t fall for it
Social engineering is truly awesome. But that’s only from the POV from ethical hackers and social engineers, who use it to raise awareness and educate people. But, unfortunately, bad actors exist too and they can use this tactic in all sorts of ways, like convincing people to download unwanted malware. For example, over the phone a social engineer will act in a manner which can convince you that they are indeed calling from your carrier’s support center or from your bank, or even from your local hospital. These people basically act out the part: they mimic the typical tone of voice, they use the expected vocabulary and some of them even fake accents to seem like foreigners in order to get you to trust them, which is their key to getting something from you, like your credit card information or your passwords.
On the other hand, social engineering looks and feels very different in SMS or Email form. In texts, the aim would be to make the message look as close as possible to an actual one that you may get from any service that you use, such as the ones described above. And in email? Well, scammers can go as far as adding graphics and imitate the templates to convince you that the email that you’ve received is legitimate. But presentation alone doesn’t get the job done, which is why scammers rely on the other tactics. Pressuring you into doing something is a key moment here: social engineers will always try to make the situation seem urgent and will even go as far as to threaten you with jail time, risk of health or financial status or exclusivity of an offer, like a prize.
By the way, even though this is rare, scammers will sometimes try to trick you into downloading files. And they don’t always need to be dead giveaways such as .EXE or .APK files, which are well known installer files. .PDF or .XLS files can be just as dangerous, so if you see that you’ve received one from an unverified source: don’t download it!
Who are scammers targeting and why?
As you might’ve come to understand from the last section: social engineers and scammers in general are pretty smart. But they are also creatures of habit, which can help us identify and combat them. But before we can do that, we need to understand who they are targeting and why. And that part is actually pretty straightforward. Here are the prime targets for scammers:
- Members of organizations
- The elderly
- Victims of massive data leaks
The first one is a wide group: it’s everyone that’s part of a company or any sort of organization, ranging from a book club to an online forum. Why? Well, because if a hacker “cracks” open the right server, all of the delicious, juicy user data like emails and phone numbers are just sitting there. And you already know what social engineers do with that. It really makes me sad to see the elderly still being a target group for these bad actors, because my own grandparents have been victims of scam attacks, where their love for me specifically was the key for the fraudsters almost getting a profit.
Lastly: victims of massive data leaks. And while we hear about bigger instances of such, let’s not forget: a lot of us are taking part in lesser-known services too. And those don’t get as much time in the spotlight. So if you know that you are a part of something like this, then if you start getting spammed, you should definitely check with every service that fits the description.
Even if it may seem like scammers have all they need in order to make a profit from you, here’s the truth: you’ve got all it takes to put a stop to it too! Phone scams aren’t exactly the type of enemy you “defeat”. But you can still come out the victor, so long as you learn how to avoid them.