Scammers today are GOOD! Gone are the days of clumsy Nigerian princes with poor English. Today’s fraudsters are well practiced in social engineering. And it’s not just U.S.-based bad actors who are involved. Many of the operatives are low-paid foreign workers who either don’t know what they are doing is illegal, or feel that the folks in rich western countries owe them some of their bountiful cash.
Still mired in the COVID crisis, plus the recent supply chain problems, we’ve come to rely more on purchasing goods and services via electronic means. Social engineering is all about manipulating people to believe that the website or email they are looking at, or the person they are talking with, is legitimate. We used to believe that only the elderly fell for social engineering. However, a recent study discovered that 80-85% of victims are in the age group of 22 to 55 years old.
Modern scammers study the organization they are going to impersonate. We know that they will often create web pages that are identical to the real ones, but did you know they will speak with the real representatives to discover the words they use, and the accents they have? So that when they call you, or you call them, they sound just like the real McCoy.
What do you mean, you would never call them? I personally know of a legitimate company that let payments for their 1800 number lapse. That number was immediately leased by scammers, and for nine months, the legitimate company’s website sent their own employees to the 1800 number. Duh!
According to the recent Truecaller Insights US Spam & Scam Report, 59.49M Americans (23%) report having lost money as a result of phone scams during the 12-month period – up from 56 million (22%) in the previous 12 months. The average monitory loss was $502, up from $351.
The phone scams can either be a voice robocall from a real number or from a spoofed number, or an SMS text from a real number or a spoofed number. Countermeasures against real numbers are pretty good. For example, Verizon uses a call filtering system to warn customers if a known spammer number is calling.
However, most robocalls no longer come from real numbers: mostly they come from spoofed IDs, and often from a spoofed number from your local exchange – that is, with your area code. So please, NEVER call back and start screaming at your neighbor, unless you’d like a police visit for verbally abusing an innocent person. Likewise, it used to be a good idea to get your numbers registered on the www.donotcall.gov website. This is now ineffective.
The good news is that the major carriers are trying to implement the FCC-mandated STIR/SHAKEN technology to identify the origin of each call. Yes, STIR/SHAKEN is a backronym, based on James Bond of MI6 fame, but it still sounds cool. The STIR part is a backronym describing a method for verifying the originator of a call as it enters a VoIP system. The SHAKEN backronym describes a system for dealing with VoIP-initiated calls entering the cell phone or POTS (traditional landline) networks without verifiable STIR information attached.
These protocols have every likelihood of eliminating spoofed calls originating in North America within a few years. The difficulty is going to be in getting other countries onboard. VoIP calls can be generated anywhere in the world with an internet connection. Thus, calls can be initiated with missing or false STIR information.
So, what can we do to decrease our chances of being defrauded?
1. Assume that every text is fraudulent unless you know who it is coming from or are expecting it.
2. Don’t answer calls from unknown numbers. Always send the call to voicemail, then either listen to the voicemail recording, or search for the number in your emails to see if it appears in a known person’s signature line. If confirmed, then call the person back – and add their number to your contacts list.
3. Even when the person seems legitimate, if it feels wrong, ask the person for a call-back number then research that number online before calling back.
4. If someone from your healthcare provider calls you and needs to verify you are who you say you are before they talk about HIPAA information, ask that person to verify first – after all, they called your number.
Are you interested in selling Verizon Wireless services? Call us at (855) SELL-VZW or fill out the form below. We look forward to talking to you soon!
