Scammers Use Phone Hacking and Hijacking for Phishing

6 tips to avoid phone hacking and hijacking tricks: Internet Scambusters #536

Hi,

Scammers are taking control of private and business landlines
by phone hacking and hijacking.

Then they use them to trick victims into giving away
information or signing up for recurring charges.

In this week’s issue, we explain what these phone scammers are
up to and how you can avoid their nasty tricks.

But first, we urge you to take a look at these top articles
from our other websites:

What Credit Card Companies Don’t Want You to Know, Part I: Take a look at some of the simple things that could profit you that credit card companies aren’t making overly obvious.

Some Revealing Myths About Dreams: Let’s rub out a few of those dreams myths together, shall we?

Wedding Shower Gift Etiquette: Here are a few guidelines to consider when choosing a wedding shower gift so you can avoid a misstep etiquette-wise.

Save Money With Small Changes: Here are some simple ways to cut costs and save money when it comes to your household chores and activities.

And now for the main feature…


Scammers Use Phone Hacking and Hijacking for Phishing


Crooks are using phone hacking and hijacking to conceal their
identities during phishing scams.

A message from one of our regular readers alerted us to a
clever trick in which scammers appeared to have taken over the
phone number of a local church, which then forwarded victims’
calls to a recorded message asking for debit card details.

The scam started out in a familiar way. Our reader — let’s
call him Nick — received a text message on his cellphone
claiming that suspicious activity had been detected on his
card, and asking him to call a specific number.

Because he’s smart (and a Scambusters reader!), he suspected a
fraud and checked out the number by doing a Google search. It
turned out to be the legitimate number of a church.

Then he used a computer device, for the sake of anonymity, to
call the number.

Nick takes up the story: “I got a message saying, ‘Welcome to
Customer Support, Verification Services, to reactivate your
card. Live service will be unavailable. Now enter your 16
digit card number, followed by # key.

“I put in 1111-1111-1111-1111# and it continued, ‘Now enter
your credit card expiration date.’ I put in 11/11#.

“Then it said, ‘Now enter your personal identification number
PIN, that you use for ATM transactions.’ I put 1111#.

“And finally: ‘Enter your CVV on the back of your card.’ I
keyed in 111#, waited and the message finally said: ‘Sorry our
records show that your card is already activated and your card
is secure. Goodbye.’”

Nick called the number a few times and once or twice actually
managed to get through to the church’s own answer phone. Of
course, he also reported the incident to local police.

But what’s going on here?

Clearly, if he’d given his real card details, he would have
been well and truly scammed — parting with this crucial,
confidential information, especially the CVV number on the
back.

Equally clearly, the church itself was presumably not in the
scamming business!

So the only conclusion is that calls were being forwarded from
the church phone to another, unidentified number, probably in
another region or even another country.

Using this trick, the scammers hide themselves and make it
look like the victim is calling a local number.

But how did it happen?

Well, as we’ve previously reported, scammers can use a simple
trick to hijack phones by fooling owners into keying in a
number that automatically forwards any further calls.

You can read more about this in one of our earlier issues, ScamLines 1: What’s New in Scams?.

Usually, this links the phone to a premium phone line for
which the user ends up paying a whopping bill.

There seems to have been some recent resurgence in this crime
but that obviously wasn’t the intention with Nick.

It’s also possible that the church’s phone could have been
hacked by other means.

If it used computers to manage its call system, these could
have been compromised by malware or a virus, enabling the
crooks to control the entire system.

It’s even possible that the phone system could have been
physically tampered with, linking it to the scammers’ own
system.

Whatever route the crooks took, it highlights the
vulnerability of phone systems and their users.

And it’s not an isolated case.

For instance, an Arizona TV station recently reported that
phone calls to customer service organizations were being
hijacked and diverted by scammers to trick users into signing
up for recurring phone bill charges.

The call answerer poses as a legitimate customer service rep
and offers a $100 gift card to the caller as compensation or
reward for whatever they’re calling about.

But they insist victims pay a $4 “shipping charge,” which
supposedly also gives them access to a free information line.

In reality, they’re “signing up” to subscribe to a useless
information service based in Peru that is charged monthly to
their phone bill.

And, of course, they don’t get the gift card.

At the time of writing, it’s not known how the scammers are
managing to hijack the calls but, according to the TV station,
the incidents are being investigated by the FBI.

In another recent case, this time in Ohio, a woman received a
string of complaint calls from people who said they’d been
conned by someone using her phone number.

Again, no information on how the crooks managed to hack her
phone.

In addition, as we have already reported in Scammers Can Now Use Fake Caller ID Number, crooks use computer
systems to spoof legitimate organizations on caller ID
systems.

There are a number of different aspects to these phone
hijacking and hacking scams — depending on whether you’re a
call victim or your phone system has been compromised.

So, here are 6 simple rules to follow to avoid being either
type of victim:

* Never agree to forward a call or dial another number from
your phone on behalf of someone you don’t know — especially
those who claim to have called you by mistake.

* Don’t rely on caller ID as a confirmation of who the caller
really is.

* Be wary when making customer service calls, especially those
based on phone numbers you see on the back of a product you buy.

Don’t agree to anything that involves making a payment or
joining a “free” service.

* If you’re given a supposed business number to call, key it
into a search engine like Google and see what comes up.

If it’s a legit organization it should show up in the search.

If it shows a different name — as happened with the church
name for Nick — or tells you it’s a private number (it won’t
actually give you the name of the owner), you know something
is wrong.

* Always check your phone bill (landlines and cell phones)
carefully.

If you see charges you don’t recognize, contact the phone
company, and ask for them to be removed.

Even if they won’t do that, insist that the recurring charge
is canceled.

* Remember that banks and other card issuers don’t use text
messages or emails to alert you to problems with your account.
That’s always a scam.

Even if they call you, you should never give your card details
to anyone without independently and thoroughly confirming who
they are — least of all in response to a recorded message.

Call the number on the back of your card and ask them to
verify if there are any problems.

Finally, if you think your phone number has been compromised
or you encounter an experience like Nick’s, report it to the
police.

It looks like law enforcement are still trying to establish
how the crooks are pulling off some of these latest phone
hijacking and hacking tricks — so be on your guard.

Time to close today, but we’ll be back next week with another
issue. See you then!