Don’t Be Scammed

There have been an awful lot of recent stories about people being scammed. Phone scammers, email scammers, social media scammers and even text-messaging scammers. I seems like our need for faster and more convenient service has also enabled and emboldened the scammers.

The scammers have progressed significantly since the days of calling and asking for a credit card number. Sure, they still do that, but now they do so much more. There are entire industries that have cropped up around the world, employing thousands of people. There are specialist within the industry as well: hackers (who break security and steal data), data gatherers, personal con-artists, bank con-artists, code-breakers, and so on. A scammer ‘agency’ will have many of these specialist working as a team, in what is called a ‘boiler room’, to so fully identify a person that they can (and have) call someone’s bank and con their employees into wiring a victim’s money to an off-shore account.

But there are steps we can take which should lessen the risk that it will happen to us. Some of these suggestions may seem a little extreme. So I thought a little information about a typical scammer operation would help explain why such measures will be ever-increasingly necessary. A scammer operation has sophisticated database systems designed to match-up information they gather from several different sources. They may purchase hacked information on the “dark web” (which is just a name given to web sites that aren’t indexed by search engines or accessible without special software) or have hackers on staff who provide personally identifiable information (PII) about millions of people. From there, their systems will work to match up the pii with information they’ve collected about phone numbers, email addresses, and social media. The matches that their systems produce with the highest-level of accuracy (or probability) will then move on to the next stages. A new first step is a call from (what looks like) a local number. These are just to see if there is a person answering the phone. If so, the number is marked for the next step, waiting for a con-artist to move on it at a future date. Social media scammers will scour the targets accounts to accumulate information which is often used for passwords; such as pet and family names, maiden names, first car/concert/school, etc. We’ve all seen these “harmless” quizzes, right? Email hackers will try their hand at breaking into the targets email accounts to determine their bank, credit card companies, business relationships, and so on. When they finally get enough information, con-artist with specialized skills will work to get the target, or their bank, or anyone they can to give them whatever they can get by impersonating someone of authority; such as the government, bank, lending institution, utility, law enforcement or the target, using whatever type of communication they can. Once any money is sent, it is gone forever. Current systems let it immediately disappear into an ‘untraceable’ maze of overseas accounts.

So here are a few steps we can take today to lessen our risks.

  1. Change passwords frequently (to something that is not easy to break). I know everyone dislikes this one because it’s not easy. You can save yourself a lot of grief by saving the passwords in a secure location.
  2. If you get a call, text message, or email asking you to do something immediately (such as send money), ask for a call back number. Never, ever, send money to an account given on the phone. If you do get an account number, tell them the money is on its way, then call the police immediately. But don’t send any money.
  3. Always look up a customer service number yourself. Don’t rely on the one given in a phone call, text message, or email. Don’t trade security for convenience.
  4. If you answer an unknown number, don’t offer any information at all.
  5. Know that familiar looking phone numbers and caller id mean absolutely nothing. By using spoofing, scammers can make an incoming call look like anyone (including yourself). I literally have received calls from my own number on more than one occasion.
  6. If a caller hangs up on you before you answer, don’t call them back. If it’s important, they’ll leave a message. Remember too, that some off-shore calls can legally cost over $12 per minute.
  7. Never execute a computer command provided to you by an unknown caller or email. Doing so can give them complete access to your computer and all the information it contains.
  8. Don’t click on links in emails or unknown websites. A link can literally display one web address, but send you to a completely different address than the one displayed. On a computer, hovering over a link with the mouse will normally display its true destination in a pop-up box or in the browsers status bar.
  9. Never give your social security number to someone over the phone. Even the Social Security Administration is moving away from using the social security number starting this year.

I am certain that institutions and governments will someday address the current loopholes in our systems that allow phones to be spoofed and monies to immediately vanish offshore. But until then we all have to stay on our toes. If you believe that you been the victim of a scam, you should call your local law enforcement and the following agencies:

Thanks for reading,
And remember to take the next step…

For more information on phone based scams