Caller ID can Cost You $$$$

Fraud using the telephone is nothing new and has been around for as long as there have been telephones. After all, a telephone is merely a communication device that can be used to dupe someone into doing something they might regret later.

Saying that telephone technology, which has grown rapidly in recent years, has given fraudsters a wide array of new tools. More and more frequently, these tools are used to depart common people and even large businesses from their hard-earned money.

Take Caller ID for instance, which is marketed as a means of protecting our privacy. When I say marketed, it's normally sold to us for a fee so we can see who is calling us. The irony of the situation is that for a fee (over even for free in an app store) -- just about anyone can make the ID appear to whatever number they desire. If you have a person stored in your contacts and their number is used, the contact information stored in your phone will appear on the screen. 

The ability to spoof (fake/impersonate) Caller ID has been around for a few years. Collection agencies, private investigators, telemarketers, and even law enforcement agencies use it to get people to answer their telephone.  Unfortunately, scammers and seedy telemarketers are now using this technology to trick people into buying questionable goods and services or even steal from them. 

The FTC has a great site to educate the public on this activity and you can file a complaint with them.

Common lures/signs of a scam to snag a victim include:

• Your banking credentials have been compromised and they ask for financial verification to verify your identity (they often spoof the financial institution's number).
• You owe the IRS money and will go to jail if you do not pay today.
• You owe for a loan and will go to jail if you do not pay today.
• That they have been monitoring your credit and you now qualify for zero interest on your credit cards. 
• You've been specially selected (for this offer).
• You'll get a free bonus if you buy our product.
• You've won one of five valuable prizes.
• You've won big money in a foreign lottery.
• This investment is low risk and provides a higher return than you can get anywhere else.
• You have to make up your mind right away.
• An offer of a free vacation. 
• An offer of a "too good to be true" business or investment opportunity. 
• You trust me, right?
• You don't need to check our company with anyone.
• We'll just put the shipping and handling charges on your credit card (If they get your payment card they often use it to commit additional fraud).

Please note that some of these scams are telemarketing come-ons. Many are also charity scams, where no money is ever given to a real charity. It is prudent to research the validity of any charity, which can be done by visiting the Charity Navigator website. 

More and more frequently, Caller ID is being used by organized (and maybe some not so organized) criminals to commit fraud. A couple of years ago, 62 people were arrested for operating from a call center in India and impersonating IRS or ICE agents. They allegedly made $75,000,000 in one year from this operation. I received several of the alleged IRS calls and they all had a Washington DC area code appearing on my telephone. With tax season here, we can probably expect to see these calls resurface again. 

Most of the calls, I have personally received or heard about involved a person with a foreign accent. I suspect a lot more of this activity comes from call centers located overseas. Unfortunately, we have all been "trained" to accept calls from people with foreign accents by corporate entities outsourcing jobs in order to save payroll dollars. 

The Truth in Caller ID Act was signed into law in 2010, which makes it illegal to spoof a number in order to commit fraud. Despite the law, the amount of this type of fraud seems to be on the rise. Due to the fact that most of these calls originate from overseas by purchasing a local telephone number -- and then forwarding the calls -- the danger of any real consequences is extremely minimal. The other option provided is to sign up for the FTC's "Do Not Call List," but this seems to be ignored by the people making the calls. 

Being able to spoof a call has become too easy. A simple Google search will reveal all kinds of "resources" available to anybody. 

In my humble opinion, the need for additional legislation to combat this growing problem is pretty apparent. Most of us are exposed to this activity "too frequently" via easily available technology, which not only includes "spoofing," but also includes professional sounding "phone trees" backed up by "robocall dialers." Perhaps the solution is to make it illegal to sell this type of technology to "anyone." The telecom types should also be forced to aggressively to come up with robust solutions to protect their customers from a service they are charging them for.

Vishing - The New Way to Lose Your Identity

The security media is reporting a new scam called "vishing," ( phishing by telephone). In vishing, a person is called, or directed to call a number and tricked into giving up their personal details. Note that the call might have someone give up information over the telephone, or direct them to a fraudulent website (like they do in phishing). The intent of these (vishing) scams is to steal personal information, which are used in "identity theft" schemes.

Of course using the telephone to rip-off people is nothing new. Telemarketing scams have been around for years.

The lures used to "dupe" innocent people are normally the same ones used in phishing, like telling you an account has been compromised. It's even possible they might already have some of your information (a lot of it has already been compromised) and be trying to get a credit card's CVC code, or obtain a password to an account.

According to a recent BBC article, the recent bouts with "vishing" started with spam e-mails directing someone to call a number, where they would be prompted to give up personal information. The scam has now mutated (they always do) and now people are being called by "autodialers," which dial number after number and leave a recorded message.

The rise in popularity of Voice over Internet Protocol (VoIP) is being cited by security experts as the reason why vishing is becoming a problem. VoIP has made calling long distance cheap, which means that vishing crosses borders; making it hard to trace and or prosecute.

The BBC article also states that it is relatively easy to spoof "caller-id" with VoIP. Security Focus recently did an article that supports this contention. In the article, a hacker easily showed the reporter how it was done.

For anyone unfamiliar with "spoofing caller id," fraudsters aren't the only ones who do it. In fact, many legitimate corporations use "caller id spoofing services" to trick people (my own words) into picking up the telephone.

For a post, I wrote about this, link here.

So far as how to protect yourself from this sort of scam, I would highly recommend that if you receive any telephone calls (or a e-communication to call a number) asking you to "verify" personal, or financial information that you take a "deep breath" before proceeding. Most of us have access to legitimate telephone numbers with places we do business with. The key to protecting yourself is to always verify who you are talking to and make sure they are entitled to the information in question.

And remember that since "vishing" is relatively new, financial institutions might now be the only organizations impersonated. The history of phishing tells us that sometimes government institutions are also impersonated. In the past couple of years, we have seen the IRS and even the FBI impersonated in phishing schemes. As a matter of fact in October, 2005 - I did a post on the Jury Duty Scam - where fraudsters (we might now term as "vishers") were calling up to verify personal information.

Maybe "vishing" isn't as new as we thought it was?