An Australian researcher has data to suggest cybercriminals are getting better results using phone calls and text messages for their scams than email. Find out why, and get tips for staying safe.
Digital bad guys are no longer satisfied with email fraud, and they're switching to phone and text scams, according to David Glance, director of the Centre for Software Practices at the University of Western Australia. In his The Conversation column Phone scams cost billions. Why isn't technology being used to stop them? Glance writes that in Australia, 45% of all scams are now initiated via phone calls or text messages.
One reason for moving away from email to phone and text scamming is the increased effectiveness of email spam filters. "Filters are using machine-learning techniques to better identify the wide range of scams now arriving in users' inboxes," suggests Glance.
Another reason, according to Glance, is that little is being done to thwart phone and text scams, so cybercriminals are less worried about getting caught. Glance mentions that some cybercriminals in Australia brazenly use the same phone number for different scams—for example, using one number a scammer might pose as the Australia Tax Office on one call and on another call as an insurance company wanting to pay compensation for an accident.
SEE: Ebook—Cybersecurity in an IoT and mobile world (TechRepublic)
Imposter scams in the US
Fraud, where the scammer pretends to be a government official, is a problem in the US as well. The Federal Trade Commission (FTC) in a March 3, 2017 press release reports complaints about imposter scams have surpassed those related to identity thefts for the first time, and are due, in large part, to increased complaints about government imposters. "Imposter scams come in many varieties, but work the same way: a scammer pretends to be someone trustworthy, such as a government official or computer technician to convince a consumer to send money," from the FTC press release.
When asked if imposter scams are the same as phone scams, Professor Glance says they are similar, adding, "An imposter scam is the FTC's name for any type of scam which involves the scammers pretending to be someone they aren't—so relatives, organizations, companies, etc. cover the usual range of scams I talk about in the article."
SEE: Identity Theft Protection Policy (Tech Pro Research)
"Can you hear me?" scam
A scam that Glance considers an "absolute tell" is one where the caller (human or robocaller) asks, "Can you hear me?" The seemingly innocent question is usually answered without thinking. "You say 'yes.' It gets recorded, and they [scammers] say that you have agreed to something," says Susan Grant, director of consumer protection and privacy for the Consumer Federation of America in this CBS News article. "I know that people think it's impolite to hang up, but it is a good strategy."
SEE: The truth about the 'Can you hear me?' scam (CNET)
Public and private intervention
Glance believes governments need to do more to eliminate phone and text scamming. "Government agencies like the Australian Competition and Consumer Commission and the FTC in the United States receive thousands of complaints from consumers with details of the phone numbers involved," mentions Glance. "It would be trivial for these agencies to make these numbers available to companies like Apple and Google that could incorporate phone warnings directly into their software without the need for third parties."
Glance also suggests that Google and Apple have options independent of government agencies, writing, "With machine-learning techniques being used to analyze email, it will also be possible to apply the same technology to phone calls."
SEE: The Four Volume Cyber Security Bundle (TechRepublic Academy)
Scam-prevention options and advice for users
There are options available to users that can help prevent them from becoming victims of scams. Glance suggests two applications for mobile devices: Hiya and Truecaller. The apps are crowdsourced and programmed to alert a user when someone is calling using a number associated with a reported scam. He adds a cautionary note: The apps help but are not perfect.
Glance also advises people to be leery—the potential for becoming a scam victim is always there. Any unexpected phone call should be treated with suspicion. "There is a golden rule—never pay money to anyone who has asked without your expecting the demand," adds Glance. "The other thing I do, if suspicious, is search online for the suspect telephone number or something about the type of call."
SEE: How to install two of the best call blocking apps for iOS 10 (TechRepublic)
An extra dose of emphasis
Professor Glance feels it important to reiterate, "Government agencies should be doing more to actively protect the public rather than just trying to be an educational resource—making their data available publically would be a good thing, raising the bar for scammers."
- FTC looks to shut down fake tech support scams with Operation Tech Trap (TechRepublic)
- Identity theft is alive and well—and fraudsters keep getting richer (TechRepublic)
- Millennials most likely to lose money from tech support scams, says Microsoft (TechRepublic)
- We talked to Windows tech support scammers. Here's why you shouldn't (ZDNet)
- Identity theft, credit card fraud cost US consumers $16 billion in 2016 (ZDNet)
- Google details how it clamped down on massive phishing scam (CNET)