Detecting and Avoiding Phone Scams
By Leila Sharma
Phone scams are a type of social engineering scam, which seek to trick often busy recipients into disclosing sensitive information or providing seemingly harmless responses to questions. This article reviews some of the common phone scams and provides recommendations and best practices.
Common Phone Scams
For an extensive list of scams in the news, see the Federal Trade Commission consumer information web page where you can also sign up for scam alerts. You can visit the FTC’s website to report phone scams.
The “Can you hear me?” Scam
The caller may feign fumbling with a headset and ask “Can you hear me?” or other simple questions, such as “Are you the homeowner?” Although the caller may sound real, these are pre-recorded calls, also known as robocalls. The goal of these scams is simply to get the recipient to say “Yes”. The scammer will record the “Yes” response and then seek to use these recorded responses in voice automated systems to authorize credit card changes and more. The recommended response is to say nothing and to refrain from pressing any keys on the phone (which confirms the line is active), then simply hang up. If you have fallen for this specific scam (by supplying a spoken answer to a question), it is recommended that you monitor all of your active accounts closely.
Tech Support Scams
This occurs via a pop-up on your mobile device displaying “VIRUS DETECTED” or a similar message regarding a vulnerability along with a dial-in support number. To avoid possible malware installation, do not click any part of a pop-up message. Instead, remove pop-ups by closing the browser tab or browser. Please note that anti-virus software may provide informational pop-ups (without a dial-in number), but companies such as Apple and Microsoft will never notify you of an issue in this manner. Scammers in this instance seek to trick users into giving them credit card information for supposed virus removal software (e.g., malware). For more information on this type of scam, visit the NYU IT Security News & Alerts blog.
Banking SMS Text Message Scams
This is a scam in which spammers spoof bank phone numbers and distribute text messages alerting banking customers that their debit/credit card has been used to make a purchase. Scammers then instruct customers to call the provided fraud prevention hotline if the purchase is unrecognized. If you receive such a message, do not call the provided number or click any links in the message. Scammers are seeking your banking credentials. If you want to confirm the legitimacy of this type of message, call the phone number on the back of your credit or debit card to verify the validity of the request.
Telemarketing Scams Offering Prizes That Sound Too Good to Be True
These scams may occur via robocalls and phishing (e.g., email and text messages). Common indicators include statements such as:
- You’ve been specially selected for…
- You have to make up your mind right away.
- This investment is low risk and provides a higher return than you can get anywhere else.
- We’ll put the shipping and handling charges on your credit card or pay a small fee by credit card to claim your prize.
The caller may even direct you to a website offering (fake) customer testimonials. If you receive unwanted sales calls simply hang up without disclosing or confirming any information.
Scam Based on Threats to Ransom Apple Accounts
Remember the recent threat by the hackers threatening to ransom Apple accounts? (For more information on that threat, see the NYU IT Security News & Alerts blog.) A related piggyback scam involves calls made by scammers claiming to be Apple Support. An automated message tells users that their iCloud accounts have been hacked. They are then transferred to a live person who seeks their personal and Apple account information. Some scammers even seek a credit card payment for antivirus software (e.g., malware). Remember that neither Apple nor Microsoft will ever reach out to you proactively to warn you of security and other issues.
Often conducted via robocall, scammers seek “tax payments” over the phone and may even possess the last four digits of your social security number as an identifier. Remember: The IRS never seeks payment over the phone. If you have questions about an IRS-related call, it is recommended that you contact the Treasury Inspector General for Tax Administration at 1-800-366-4484.
Some scammers pose as charitable workers soliciting donations. Rather than making a donation in response to a phone solicitation, make a donation by contacting the charity via a trusted phone number or address, or visit their website at a known URL or via an internet search to donate online.
Managing the Calls You Receive on Your Personal (Non-Business) Phone Lines
- A simple approach with respect to your personal phone lines is to not answer calls from phone numbers you do not recognize. Let calls from unrecognized numbers go to voicemail or your answering machine.
- To deter unwanted sales calls, register your home and mobile phone numbers at no cost with the National Do Not Call Registry. Registration will not deter all phone scams, but it will deter most. However, you may still continue to receive political, debt collection, and survey calls.
- If you receive a sales call 31 days after registration, report the call online or call 1-888-382-1222 (TTY: 1-866.290-4236). Those who violate the Do Not Call Registry or place an illegal robocall can be fined up to $40,654 per call.
- Report robocalls to both phones that are registered or unregistered with the National Do Not Call Registry. You may also call 1-888-382-1222 (TTY: 1-866.290-4236) to report.
- Call blocking on mobile and personal landlines:
- If you receive a spam call on your mobile device, you will likely have the ability to block future calls from the same number.* For more information, please consult your service provider or device manufacturer. There are also smartphone apps for blocking unwanted calls.
- If unwanted calls are made repeatedly to a personal landline, ask the service provider to block the number.
*Unfortunately, call blocking is not always effective, as internet phone systems make it easy for spammers to call from anywhere using a spoofed phone number (a.k.a. “caller id spoofing”).
Phone Scam Best Practices
- When in doubt of the legitimacy of the call, simply hang up without providing any responses, pressing any keys, or opting to speak with a live person.
- Do not disclose or confirm financial or other sensitive data (e.g., date of birth, social security number, credit card number and credit card security (CVV) number, or driver’s license number) over the phone.
- Be aware of caller ID spoofing. Even though you may recognize the number displaying on your caller ID, the actual phone number being used to place the call may be different. Rather than disclose sensitive information to a caller, place a call yourself to a trusted phone number or make an in-person visit.
- Don’t be pressured into making quick decisions. Instead, take the time needed to research individuals and organizations. If you are pressured by a caller and sensitive information is requested, you can report the call to the FTC.
- Be wary of sending money anywhere for an emergency. Money sent by wire transfer or prepaid card is difficult to track.
- If you believe you have fallen victim to a phone scam, monitor all of your active accounts closely, alert banking and other institutions, and change passwords and account numbers as/if necessary (especially if you believe credentials and account numbers have been compromised).