How vishing scams work and how to dodge them: Internet Scambusters #992
Vishing is a phishing scam but uses your phone rather than emails or texts. And with 298 million Americans using these devices, they've become a prime target for the tricksters.
In this week's issue, we'll show you the way the scam works, how to spot it, and how to avoid it.
Plus, our weekly rundown of scam alerts tells you which is the highest-rated free antivirus software.
Let's get started…
Vishing Drives Surge In Cell Phone Scams
With an estimated 298 million Americans owning a cell phone, it's no wonder they're a prime target for one of the nation's fastest growing scams -- vishing, or voice phishing.
These are fraudulent calls and voicemails used both to steal confidential information and to trick victims into handing over their money.
Smart devices now account for 85% of all phone scams, representing the biggest chunk of the $30 billion stolen from phone users this year alone.
On average, every one of the nation's cell phone users receives at least one robocall scam every day. Often, they're just annoying random attempts to see if anyone answers but, increasingly, crooks leave recorded voicemail messages to try to trick users into believing they're real.
Vishing has been around for at least the past 10 years, but security experts have become alarmed at the huge rise seen during 2020 and this year.
Scammers use caller ID number spoofing, so you can't tell where the call is really coming from, and software to disguise their voices and accents. Their key tactic is to frighten victims into calling them back, often claiming the individual will be in deep trouble if they don't respond immediately.
Sometimes, the scam starts with a text message or even an email, but the aim is always to get the victim to use the phone either to disclose information about themselves or to send money to get out of trouble.
Texts usually carry a 6-digit code similar to those used in many auto-dialed messages but, in this case, the number is fake. You won't get any response by replying. You have to make that phone call.
Often, the "vishers" pose as government officials, usually from the IRS, Social Security Administration or Medicare. But they've also been known to pretend to be utility companies, tech support specialists, financial institutions, call centers, and subscription services.
If you receive a call from an unknown number, let it go to voicemail and then ask yourself:
- Does the speaker sound real? Using computers to generate or disguise voice messages often sounds different from normal speaking, kind of robotic.
- Is it a recorded message? If so, and from someone you don't already do business with, it's almost certainly a scam since robocalls are illegal except for these existing relationships or from a charity or political party.
- Are you being asked for confidential information like account numbers and log-in details? Legitimate callers won't do this, especially if their call is unsolicited.
- Are you being urged to act immediately? This is one of the scammers' most popular tactics by threatening arrest or fines, or claiming money is being drained from your account. Again, legitimate organizations do not make calls like this.
How to Protect Yourself
Other steps you can take to protect yourself from vishing include:
- Installing a blocker app that uses a database of known vishing sources. The most popular one is said to be Truecaller.
- Ignoring caller ID. Because crooks use computer-based communications technology, they can pretend to be whomever they want.
- Don't press numbers on your phone if you're prompted to do so, even if the recording says you can block further calls by doing this.
- Ignore anyone who claims to be from tech support at companies like Microsoft, Apple or major computer manufacturers. If you didn't ask for support first, any call you get is a scam.
Computers have made vishing on a large scale easy for scammers. You will almost certainly get a vishing call in the next few months. Knowing this, each time the phone rings, think, "Is this my turn?"
This Week's Scam Alerts
Best free antivirus: You don't need to pay for good Internet security software. While paid products often have more "bells and whistles," a free app will still do most or all of the job of protecting you. A study by independent research organization AV-TEST last month named Microsoft's Defender (which comes built into Windows) the best free antivirus, detecting all recent malware attacks.
Smell a rat?: On the other hand, brand new malware is often not initially picked up by security programs until it's identified. The latest is RATDispenser, which, in recent tests, was only detected by just 11 percent of security apps. RAT stands for Remote Access Trojan, a new malware downloader that victims pick up by clicking a link or attachment supposedly relating to a product they ordered. Once installed, it opens a door to information stealers, key loggers, and most other types of malware. So, just because you have security software, you still shouldn't click.
Not Amazon: If you receive a call supposedly from Amazon saying something like "Our servers have detected that your account has been logged in from multiple ID addresses," it's a scam. It goes on to ask you to press a key "if this order was not placed by you." If you've remembered our advice in this week's issue, you'll identify it immediately as a vishing attempt. And you won't press that key, will you?
Time to close today, but we'll be back next week with another issue. See you then!