Phishing Scams Get Their Own Voice

OpenAI

April 17, 2014 - Phishing is a scam that's been around as long as we've been logging into websites. In the past 20 years or so, most consumers have probably become pretty good at spotting these often purposely-bad attempts at grabbing our info.

For those who are unaware, it works like this - someone who wants to steal data(or money) sends out a wave of emails,.. sometimes they are targeted and sometimes they are random. These emails are forged to look like they are from a legitimate company and usually use one of two common methods for getting your information.

In one version, they promise some sort of gain to you, the reader. In the other, they threaten you, claiming that something is wrong with your account and that you need to login to straighten it out. In both cases, they provide a link to a fake version of a real website, and when you try to sign in, they have your info logged.

It may not even be that account that they want to access. In many cases, these scammers are betting that you lazily use a single password for multiple websites. So if they know your password for an online game, it might be the same one that they can use to access your bank.

So how does this apply to phone calls?

Well, recently it's become apparant that scammers have begun using these same methods over the phone. Calling a consumer directly and playing a spoken message lends a bit of believability to them in some people's eyes, so their success rate may be higher than through email.

In one particular attack, the caller looks up the cellular carrier that registered your phone number and then calls claiming to be that carrier. They tell you that because you are a valued customer, you can login to their website to claim some amount of cash or a credit on your bill. The website they direct you to probably contains the name of your carrier, but it is not owned by them.

If you've ported your number from another carrier, though, they may call and claim to be that old carrier. In this case it's fairly obvious that something strange is going on.

How To Protect Yourself

If you've already received one of these calls and attempted to sign in to the site, you should change not only the password for your phone account, but any other account you have that shares the same password. Using a tool like LastPass makes it extremely easy to use unique, strong passwords for every site you register on, and in a situation like this, can even help you figure out what sites share passwords and then change them easily.

If you haven't signed into the provided site but really think the call may be legitimate, call your carrier's verified support phone number and ask them about it. By calling a verified number and initiating contact yourself, you can be sure you are talking to an actual employee of the phone company. Never just call back the number that called you, it could belong to anyone.

To contact one of the major US phone carriers, use the phone numbers listed on their support websites:

T-Mobile: http://www.t-mobile.com/contact-us.html

Verizon: http://www.verizonwireless.com/wcms/contact-us.html

At&t: https://www.att.com/contactus/

Sprint: https://mysprint.sprint.com/mysprint/jsp/landingPage/contactus.jsp