Why You Can’t Trust Phone Calls You Think You Should Trust


Photo Credit: iStock/lolostock

“Call from 877-382-4357? Hang Up,” warns the Federal Trade Commission. Seems that phone number – better known as 877-FTC-HELP, the agency’s go-to hotline to report scams – is another example in a never-ending plague of spoofing, the practice of deliberately displaying a false number (and sometimes name) on the recipient’s caller ID.

The goal of scammers using this tried-and-true telephone trickery is to present a phone number that can be trusted, so recipients answer the phone. “Once you start talking,” explains Jonathan Sasse of PrivacyStar, whose app identities and blocks scam calls, “their autodialing software detects a live number and person on the other end and the scam begins.”

How spoofing works: Using cheap and readily available services such as Spoofcard and/or popular computer-based Voice over Internet Protocol (VoIP) telephone systems, phoning fraudsters select whatever number they want displayed, for whatever ruse they choose. They most often pretend to be calling from a government agency, utility company, bank or tech company such as Microsoft. They also claim to be police, sweepstakes officials, even AARP. Fast-growing schemes include spoofing local numbers (typically using the recipient’s same area code and prefix) so calls appear to be from neighbors, your pharmacy or doctor’s office – or even your own phone number.

Some spoofed calls are made individually, but the majority are sent en masse – sometimes by the millions – with the help of autodialers. Some are “live,” but most are robocalls – and with as little as your “Hello,” you’re typically transferred to a boiler room where a smooth-talking fraudster take over.

Although spoofing scams have been around for nearly a decade – originally done mostly to glean consumers’ bank account details – it’s now the foundation of most leading phone scams. (Spoofing itself is not illegal, but under federal law, it is illegal to transmit misleading or inaccurate caller ID information “with the intent to defraud, cause harm, or wrongly obtain anything of value.”)

Whatever the ruse, it’s the same rip-off: First, display a phone number that appears trustworthy so the call is answered. Then, those most untrustworthy scoundrels behind this deceptive dialing angle for your money and/or phish for personal information that could be used for identity theft – usually by instilling fear, sometimes luring with greed.

To make calls seems authentic – and better incentivize you to answer – spoofed numbers often display the name of the supposed caller, say “Internal Revenue Service” or “Bank of America.” But others have more generic displays such as “Bank” or “County Courthouse,” maybe a city such as “Washington, D.C.”; others simply show a phone number.

Consider the most common phone schemes, each using spoofing with a fraud-focused cornerstone: False threats of immediate arrest from self-described IRS agents and police because of overdue taxes or missing jury duty. Bogus bank calls alleging “a problem with your account” and Medicare scams claiming a need to “verify your identity” or you’ll lose benefits. The myth that your computer has a crippling virus when those liars from a far-away country have no idea if you even own one. The list goes on – and so will spoofing.

Depending on your phone type and operating system, call-blocking apps such as Hiya, Truecaller, NoMoRobo or PrivacyStar can block many spoofing calls. But when others get through, here’s what to do in addition to not answering or hanging up:

 

  • If you answer, don’t speak. A “live” person on the other end will start a conversation, but several seconds of dead silence indicates it’s a robocall using voice-activated technology to transfer you, or at least play a message.
  • If you speak, say nothing of value. That includes providing or even confirming your name, account numbers, anything that helps phoning fraudsters identify you. If the caller claims to be with a company you do business with, hang up and call the customer service number listed on your statements, in the phone book, or on the company’s website. If the caller claims to be with a government agency, hang up – knowing that the IRS, Medicare, SSA and other government agencies do not make unsolicited phone calls.
  • If you have a voice mail account with your phone service, set a password for it.  Some voicemail services are preset to allow access if you call in from your own phone number, and without a password, scammers could spoof your home phone number and gain access to your voice mail.
  • If it’s not personal, assume it’s a scam. Unlike automated but personalized reminder calls from doctor’s offices or pharmacy, scam robocall campaigns do not mention your name or other personal identifiers. That’s because thousands or millions of others get the identical message.


For information about other scams, sign up for the
Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.




Source link

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump

5 Ways to Spot Skimmer Scams Before You Use an ATM or Gas Pump


Caption: iStock/GCShutter

Skimming fraud has been around for more than a decade, and continues to evolve. Today’s skimmers – illegal card-reading devices placed on ATMs, gas pumps and other public-area machines that process debit cards – are stealthier and more sophisticated than ever.

These devices “skim” information from the card’s magnetic strip as a nearby hidden camera, also placed by skimming scammers, records the PIN that you enter. Although you get your cash or can make a purchase – none the wiser of a skim scam flim-flam – the crooks can get more: Using information from the skimmer and camera, they make duplicate cards to drain cash from your accounts, or sell your card number and PIN for others to fleece you.

The good news: In most cases, stolen funds are usually reimbursed provided you report the fraud to the card-issuing bank within 60 days (another reason to keep close and timely tabs on accounts).

The better news: With a few simple steps before you use your card, you may be able to detect skimmers and tampered machines to avoid potential trouble. Here’s how:

  1. Pull on the slot. The latest generation of card-reading devices, used with increasing frequency by skimming scammers, are thin “insert skimmers” that fit inside the card slot at an ATM or gas pump. “New evidence suggests that at least some of these insert skimmers – which record card data and store it on a tiny embedded flash drive – are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control,” reports noted cybersecurity blogger Brian Krebs (who provides photos of insert skimmers). So before using the machine, squeeze, wiggle and tug the insert slot to remove insert skimmers, along with some old-school models placed over the card slot that protrude outward. In general, card slots should be flush against the machine; be suspicious of those where the entire or half of the slot sticks out.
  2. Check for spy cameras. Although skimmers record data from a credit or debit card’s magnetic stripe, fraudsters also need your PIN in order to withdrawal cash or sell cloned cards. To glean PINs, they place pinhole “spy” cameras that collect numbers as they’re being typed on the keypad. Look for small holes just above the display screen, on an attached brochure or other type of box, or even on protruding covers placed over the cash dispenser. Even if you can’t detect evidence of a camera, cover your hand when entering your PIN.
  3. Avoid “void” stickers. To help spot skimmer tampering at gas pumps, many stations now place security seals over the cabinet panel as part of a voluntary program, notes the Federal Trade Commission. If the pump panel has been opened – an indication of possible skimmer placement – the label will read “void” and take that clue to fill your car elsewhere. Still, whenever you use a debit card at the pump, you’re safest by pressing the “credit” button instead of “debit.” This way, you can still use your debit card without having to enter a PIN, and the purchase amount is processed through a credit card network that provides greater protection if fraud occurs.
  4. Inspect the keypad. False keypad overlays that look exactly like, and fit directly over, the real McCoy are another way fraudsters can collect PINs as accompanying skimmers get card data. So before entering your card, check the keypad – and think twice before using if it feels loose, spongy, or the keypad panel appears raised or thicker compared to the rest of the machine. Also before using, give several buttons a test run and be suspicious if they feel sticky. Crooks have been known to place glue on and around certain buttons – particularly “enter,” “cancel” and “clear” – to prevent customers from completing a transaction after inserting a cash card and keying in a PIN. (When customers go inside a bank to report the problem, the waiting thief “unsticks” the buttons with a knife to complete the withdrawal.)
  5. Check the audio jack. Most ATMs have an audio jack that goes unnoticed to the average customer – and that works to their advantage. If not perfectly centered inside the plastic overlay cover, it suggests the machine has been tampered with. Another tampering tipoff: Look for cracks or cuts on the plastic covering the receipt slot, cash dispenser or other portions of the machine; these coverings should be completely smooth.

 

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 



Source link

Pin It on Pinterest