February 15, 2018

Telephone Phishing: Voicemail Messages You Should NOT Return

Phishing Phone Calls:
No, There is No Warrant for your Arrest,
and the Police are NOT on Their Way



DO NOT Return a Scammer's Call


Today's world is full of people who are fraudulently trying to separate you from your hard-earned money. Phishing has become a real problem on the Internet, something we've talked a lot about on this blog in the past. Spoofed e-mails, bad links, text message spam, and malicious Facebook posts are common ways in which the fraudsters attack.

But what about offline? Are you safe from phishing attacks if you do not use the Internet at all? Unfortunately, the answer to that question is no.  As people get wiser about online attack strategies, the Bad Guys have begun to attack you offline.  And one of the most prevalent methods of offline phishing uses your telephone.

Today, we're going to look at Phone Phishing.  We are also going to look at two phishing attempts, both employing voicemail.  In both cases, these are examples of voicemails you should NOT return.

What is Telephone Phishing?

Again, phishers use social engineering to try to steal your money and your personal information. Phishers will impersonate legitimate companies. They often use fear tactics to scare you into performing a certain action. And if they successfully convince you to perform that action, dire consequences will befall you.

Telephone phishing just refers to phishing attempts delivered through your phone.  Sometimes, phone phishing is referred to as "Vishing," or voice phishing.   Often, these callers "spoof" the caller ID to make it appear as if the call is coming from a legitimate business, or even someone you know.  (I have even received phishing calls where the caller ID shows my own name and number.)   The scammers employ these tactics to increase the chances you'll actually answer their call.

Most telephone phishers do not leave messages.  They want to talk to an actual human being, so that they can manipulate them into giving up data they usually would not share.  

Robocall Phishing

It can take a lot of time and effort to actually dial calls and speak to potential victims.  The more time it takes per phishing attempt, the less hourly profit for the scammer. Because of this, phishers are now utilizing robocalls in their attacks.  

The bad guys get autodialers, capable of calling thousands of random numbers at a time. If and when one of those calls connects, a computerized voice will play a pre-recorded message. Often, the artificial intelligence asks you to input your personal information, such as a credit card or bank account number, and then hold for the next available operator. It may ask you to press a button to connect with an agent. These phishers try their best to echo the automated calling systems used by many legitimate customer service departments.

A lot of these automated dialers are programmed to leave voice mail messages.  These voice mails tell the receiver that something terrible will happen if the recipient doesn't take immediate action.  Often, they threaten arrest for ignoring the call.  They urge you to call a number ASAP to resolve your issue. And of course, if you call that number, you will end up getting scammed.

No matter how dire the message sounds, the best thing to do is ignore and delete.  Few companies notify customers of a serious issue through a voice mail alone. Most legitimate issues are brought to your attention through a variety of contact attempts, including phone calls, e-mails, and good old snail mail.  Certified and registered mail still provide the best legal paper trail, as well as proof the company alerted you.  In other words, if you are really in some sort of trouble, they will contact you in multiple ways, rather than relying on a single, automated call.

IRS Telephone Phishing

During the first quarter of any calendar year, the volume of IRS phishing attempts is massive. Scammers know that tax season is upon us, and they take advantage of this to scare folks out of money and information. In fact, we covered IRS E-Mail Phishing last year on this very blog.

Because so many people have become wise to e-mail phishing, the scammers have moved to phone phishing. Most of these phishing calls threaten you with arrest, or even a lawsuit. In the United States, the IRS usually notifies you of tax issues via US Mail. In 2017, they announced they would be calling some taxpayers. However, they will NEVER use a robocall, and the IRS cannot issue a warrant for your arrest without you having gone through due process first. In other words, you will know if you are in deep trouble with the IRS, and your first indication of this trouble will NOT come from a robocall or a voice mail message.

The video below contains an actual voice mail message, purporting to be the IRS.  Techlaurels received this robocall message on our own landline phone.  You will need to turn your speakers up to hear the audio.  If you have trouble viewing the embedded video, you can also view it on YouTube (https://youtu.be/yEb5eiGN_e0).




Again, this call is NOT from the IRS.  The police are not going to come to your door. No one has filed a fraud case against you.  The Bad Guys are trying to get you to return their call.  If you do, they will demand immediate payment through an untraceable method, usually Gift Cards or prepaid Debit Cards.  And none of that money will go towards settling your tax bill.

Tech Support Phishing Calls

Next to payment scams, tech support scams are probably the most prevalent form of phishing attack.  And just like with other phishing methods, the scammers are moving offline, in an attempt to convince you they are legitimate.

With tech support scams, the bad guys are usually trying to get into your actual computer. They may convince you to install some software and/or let them "remote in" to repair your system.   Once they are in, they often install viruses or other malware. Additionally, they scour your PC for personal information, including financial log-in credentials.  They may also steal your address book so that they can impersonate you when they launch phishing attacks against everyone in your network.    They may even steal your Facebook credentials so that they may log in as you, change your password, and lock you out of your own account, targeting all of your friends with other scams while they are impersonating you.

Again, the video below contains an actual voice mail message, left for Techlaurels.  This particular phishing attempt recycles a scam that is probably about as old as the World Wide Web itself.  The caller claims to be from Microsoft, and is contacting you to fix all of the issues with your computer, a computer that is so infected it is unsafe to use until you get some technical help.  Of course, the call is NOT from Microsoft, and your  computer is most likely fine.

You will need to turn up your speakers to hear the audio on this call. If you have difficulty viewing the embedded video, you can view it on YouTube (https://youtu.be/fmQcohDVMZ0).



If you receive a similar voice mail, just delete it. DO NOT return the phone call. If you are at all worried, run a malware scan on your PC (something which is NEVER a bad idea). Chances are, that scan will come out clean.

Summary:

Telephone phishing, also known as vishing, is a too-common strategy that the Bad Guys use to try to steal your money and your personal information. Responding to any telephone phishing call most likely will result in having your identity stolen.  At the very least, you will be cheated out of something.  

Telephone phishers will often spoof their caller ID, to make it look like the call is originating from a legitimate source.  They may leave voice mails, telling you if you do not immediately return the call, your entire world will come crashing down around you. They prey on fear and naivety.  

Often, folks from a certain generation feel like it's rude to leave a ringing telephone unanswered. They think it is even ruder not to return a phone call. The Bad Guys know this, and they use these habits to their advantage. It is perfectly acceptable to use your caller ID to screen incoming calls, and to let unrecognized or unknown callers go unanswered. Legitimate callers leave messages. The fact that there was no message accompanying a call from an unknown number indicates it was most likely a junk call.

But just because a caller chose to leave a message, it does NOT mean the call was legitimate.  Junk callers use the compulsion to return messages as part of their strategy to trick you.  Today, there are many voice mails left that do not warrant a return call.  If you get a call from a telephone phisher, just hang up.  If you get a voice mail from a telephone phisher, just delete it and do not return the call.

Have you fallen victim to telephone phishers? Have you received calls supposedly from Microsoft or from the IRS?  Did you think these calls were real? What are your strategies for avoiding phishing phone calls? Let us know in the comments, or hit us up on Facebook or Twitter.  And if you get a phishing phone call in the future, just ignore it.

As always, thanks for reading!



