6 tips to avoid phone hacking and hijacking tricks: Internet Scambusters #536
Scammers are taking control of private and business landlines by phone hacking and hijacking.
Then they use them to trick victims into giving away information or signing up for recurring charges.
In this week's issue, we explain what these phone scammers are up to and how you can avoid their nasty tricks.
And now for the main feature...
Scammers Use Phone Hacking and Hijacking for Phishing
Crooks are using phone hacking and hijacking to conceal their identities during phishing scams.
A message from one of our regular readers alerted us to a clever trick in which scammers appeared to have taken over the phone number of a local church, which then forwarded victims' calls to a recorded message asking for debit card details.
The scam started out in a familiar way. Our reader -- let's call him Nick -- received a text message on his cellphone claiming that suspicious activity had been detected on his card, and asking him to call a specific number.
Because he's smart (and a Scambusters reader!), he suspected a fraud and checked out the number by doing a Google search. It turned out to be the legitimate number of a church.
Then he used a computer device, for the sake of anonymity, to call the number.
Nick takes up the story: "I got a message saying, 'Welcome to Customer Support, Verification Services, to reactivate your card. Live service will be unavailable. Now enter your 16 digit card number, followed by # key.
"I put in 1111-1111-1111-1111# and it continued, 'Now enter your credit card expiration date.' I put in 11/11#.
"Then it said, 'Now enter your personal identification number PIN, that you use for ATM transactions.' I put 1111#.
"And finally: 'Enter your CVV on the back of your card.' I keyed in 111#, waited and the message finally said: 'Sorry our records show that your card is already activated and your card is secure. Goodbye.'"
Nick called the number a few times and once or twice actually managed to get through to the church's own answer phone. Of course, he also reported the incident to local police.
But what's going on here?
Clearly, if he'd given his real card details, he would have been well and truly scammed -- parting with this crucial, confidential information, especially the CVV number on the back.
Equally clearly, the church itself was presumably not in the scamming business!
So the only conclusion is that calls were being forwarded from the church phone to another, unidentified number, probably in another region or even another country.
Using this trick, the scammers hide themselves and make it look like the victim is calling a local number.
But how did it happen?
Well, as we've previously reported, scammers can use a simple trick to hijack phones by fooling owners into keying in a number that automatically forwards any further calls.
You can read more about this in one of our earlier issues, ScamLines 1: What's New in Scams?.
Usually, this links the phone to a premium phone line for which the user ends up paying a whopping bill.
There seems to have been some recent resurgence in this crime but that obviously wasn't the intention with Nick.
It's also possible that the church's phone could have been hacked by other means.
If it used computers to manage its call system, these could have been compromised by malware or a virus, enabling the crooks to control the entire system.
It's even possible that the phone system could have been physically tampered with, linking it to the scammers' own system.
Whatever route the crooks took, it highlights the vulnerability of phone systems and their users.
And it's not an isolated case.
For instance, an Arizona TV station recently reported that phone calls to customer service organizations were being hijacked and diverted by scammers to trick users into signing up for recurring phone bill charges.
The call answerer poses as a legitimate customer service rep and offers a $100 gift card to the caller as compensation or reward for whatever they're calling about.
But they insist victims pay a $4 "shipping charge," which supposedly also gives them access to a free information line.
In reality, they're "signing up" to subscribe to a useless information service based in Peru that is charged monthly to their phone bill.
And, of course, they don't get the gift card.
At the time of writing, it's not known how the scammers are managing to hijack the calls but, according to the TV station, the incidents are being investigated by the FBI.
In another recent case, this time in Ohio, a woman received a string of complaint calls from people who said they'd been conned by someone using her phone number.
Again, no information on how the crooks managed to hack her phone.
In addition, as we have already reported in Scammers Can Now Use Fake Caller ID Number, crooks use computer systems to spoof legitimate organizations on caller ID systems.
There are a number of different aspects to these phone hijacking and hacking scams -- depending on whether you're a call victim or your phone system has been compromised.
So, here are 6 simple rules to follow to avoid being either type of victim:
* Never agree to forward a call or dial another number from your phone on behalf of someone you don't know -- especially those who claim to have called you by mistake.
* Don't rely on caller ID as a confirmation of who the caller really is.
* Be wary when making customer service calls, especially those based on phone numbers you see on the back of a product you buy.
Don't agree to anything that involves making a payment or joining a "free" service.
* If you're given a supposed business number to call, key it into a search engine like Google and see what comes up.
If it's a legit organization it should show up in the search.
If it shows a different name -- as happened with the church name for Nick -- or tells you it's a private number (it won't actually give you the name of the owner), you know something is wrong.
* Always check your phone bill (landlines and cell phones) carefully.
If you see charges you don't recognize, contact the phone company, and ask for them to be removed.
Even if they won't do that, insist that the recurring charge is canceled.
* Remember that banks and other card issuers don't use text messages or emails to alert you to problems with your account. That's always a scam.
Even if they call you, you should never give your card details to anyone without independently and thoroughly confirming who they are -- least of all in response to a recorded message.
Call the number on the back of your card and ask them to verify if there are any problems.
Finally, if you think your phone number has been compromised or you encounter an experience like Nick's, report it to the police.
It looks like law enforcement are still trying to establish how the crooks are pulling off some of these latest phone hijacking and hacking tricks -- so be on your guard.
Time to close today, but we'll be back next week with another issue. See you then!