People have been stealing from others for as long as humanity has existed. Even before currency was ever invented, thieves would steal valuables or food. Nowadays things aren't that hardcore, but modern technology allows people with evil intentions to reach a lot more potential victims. The methods of stealing have evolved, and phone scams are one of the most popular means of deceiving unsuspecting people. Here's how to keep yourself safe:
The best way to protect yourself from something is to gather as much information about it as possible. On that note, the first thing that you should know is that there are multiple phone-related scams and while the details may vary, the method itself is basically the same:
- Direct calls: con artists get their hands on databases of phone numbers, then make calls pretending to have some official business. Mostly, these criminals try to make their victims give them money directly, but more sophisticated crimes may involve theft of financial or personal data.
- SMS: there have been many reports of hackers using URLs embedded in text messages to trick the victim into downloading malware on their devices.
- MMS: most of these also rely on the victim opening links embedded in the message, but there have been cases when the hacker used software vulnerabilities to spread malware as soon as the MMS itself was opened.
- Fake comm towers and WiFi hotspots: this method is a bit more complicated and takes some commitment. Attackers have been known to redirect cell tower signals and Internet hotspots to go through devices that they control in order to intercept the data flow.
Now, here's a closer look at each of these methods and the things that you can do to protect yourself from them:
There are many schemes that involve calling an unsuspecting victim, each of them slightly different, so I can't give you a heads up about all of them, but I will tell you about a few that have happened to me or that I heard about. As I previously stated, most of these scams involve getting the victim to transfer money to an account or give up their credit card information, security numbers, etc. Here are some examples:
Prize schemes: as far as I know, these are the most common ones. A person pretending to be from some kind of company or radio station tells you that you've won some prize, but you need to pay a fee in order to get it. As a rule, the fee will seem incredibly small compared to the value of the prize itself. If the victim agrees, they are either given a bank account to wire the money to or asked to disclose their financial information. As I'm sure you've already guessed, after paying, the victims never hear from the scammers again and never see the prize in question. If it happens to you, and you're unsure if it's a scam or not, just google it. The chances of you being the first person to ever win a prize or be scammed in that way are close to zero, so you will surely find an answer.
Emergency schemes: I'm not sure if this happens in other countries, but I once received a phone call from someone pretending to be a sergeant from the police department in a city that's pretty far from mine. He started the conversation by presenting himself in his "official" capacity (they always do that), then told me my name and asked if I was that person. Once I confirmed, he proceeded to tell me that my sister had been involved in a car accident and is now in critical condition at the hospital, so she requires money for a surgery. I'm not sure if he knew this or not, but I actually have a sister who lives close to the area he was talking about, so I thought he may not be lying, but I still asked for my sister's name, and that's the moment when he hang up.
Tech IT schemes: Since people are getting smarter, some scammers use more subtle ways to steal. I've heard about people who call claiming to be from Microsoft or some other tech company. They try to get the victim to give them access to their computers, then steal all the passwords, accounts and private data that they can find. In case it ever happens to you, you should know that Microsoft never initiates contact with its clients via phone call. If the scammers uses the name of a different company, you should first find out if the company is real, then contact it and establish its identity before giving anyone access into your PC.
Protecting yourself from these kinds of attempts is actually quite easy if you are paying attention and don't let yourself get suckered into the scammer's game. My advice is simple: whenever you're talking to a person you don't know (or don't know too well), you should always question everything they say. 99% of all scammers have holes in their stories that fortunately aren't that hard to find. Simply start questioning them about the official body they represent, ask for their complete ID, their company's phone number and address, more details about the nature of the problem, their boss's name, etc.
Furthermore, it's very likely that the scammer has only a few details about your person: your phone number and name, so you can start asking them things that someone in their official capacity should know about you and see if you can get them to cave in. If they seem to have the answers to all these questions, try googling one of them and see if the answers match. In case you're not near a PC, simply fake an emergency and ask them to call back at a more convenient time.
Also, you should know that reading about it here and actually having people trying to scheme you are completely different things. When you read this article, it may seem that these schemes are too obvious for anyone to fall for them, but in the heat of the moment it's not as easy as it looks. However, if you pause to think before reacting, everything should be OK.
SMS / MMS
Everything that can happen in a direct call scam can happen in an SMS scheme as well, so make sure you triple-check before sending someone money, credit or private information because of a text that you've received. Beside the direct approach, many scammers use numbers that can be easily construed as reliable sources, such as numbers that appear to be from well-known companies or institutions, to get the victim to open an embedded link.
As soon as the victim launches that respective website, their smartphone becomes infected with some kind of malware that steals data or does even worse things. The good news is that defending yourself from this is extremely simple: don't open any link and especially don't download anything on your phone unless you're 101% sure that it's from a safe source. Even if the message that you received is from a friend's number, you should first call that person to make sure that they are the actual sender.
MMS can also embed fraudulent links, so the defense is basically the same. However, as many people can testify, there are times when this is not enough. I'm not sure if you remember this, but about half a year ago, I told you about a new kind of attack dubbed Stagefright: it installed malware on the victims' phones as soon as they opened the message that they received. Fortunately, since then, Google has fixed the vulnerability that the attack was exploiting, but you can never tell when a new one will be discovered. If you want more details about it, you should read the story in question called: "Can your Android phone be hacked with one simple SMS?"
There is a series of advanced methods to steal data from a person's smartphone, but most of the time it takes a lot of effort and the victim isn't chosen randomly, but being specifically targeted. Unfortunately, one of the downsides of the free information is that everyone can find out what these methods are and how to use them, so these days it doesn't take too much to be a "hacker".
As far as methods go, the most common one is a man-in-the-middle attack, where the attacker replaces your regular hotspot with a fake one that he controls, so that he can copy all the information that you send and receive on the Internet. As a defense, using end-to-end encryption services will most likely prevent the hacker from gaining access to your important information.
The other common method of getting personal information about someone is scamming the victim's phone instead of the victim itself. Basically, the attackers place a fake cell signal transmission device between the victim and the comm tower, thus gaining access to the person's calls. This is quite expensive and is mostly used by government agencies and ultra-professional criminals. In case you're wondering how to protect yourself from this, I don't have any experience in trying to hide from the authorities, so you'll need to seek advice from someone more knowledgeable than myself.
If you're interested in more security related topics, you might enjoy reading some of our previous stories such as: "What is ransomware and how to protect yourself against it", "Cyber-warfare and the future", "Top 11 most infamous hackers throughout history" or "Top 7 infamous Internet scams".