This week, the Detroit Free Press (and several other news channels) reported on a spike in the IRS phone scam. It seems that the fraudsters have started to use robo-dialers to leave thousands of voicemails impersonating IRS agents. One victim had this to say: “How genius for them, because that way they weed out people who know it’s not real. If you call back, they know they have you hooked. It’s an evolving scam.”
On Wednesday, Brian Krebs published a story on the rapid rise in smishing and vishing attacks on banks. According to Krebs, over the past two weeks, fraudsters have been blasting out SMS messages to hundreds of thousands of mobile users in the Houston, Texas area. The messages alerted recipients about supposed problems with their bank account, urging them to call a supplied number. Those numbers were actually hijacked phone lines belonging to Holiday Inn, which played recordings asking for personal information.
Full Breakdown of This Week’s Phone Fraud News
NBC New York: Swatting 911 Recordings Reveal Voices Behind Twisted Pranks – Prank 911 callers draw dozens of police officers by claiming violent episodes are underway, startling civilians and wasting law enforcement resources, and NBC 4 New York’s I-Team has obtained some of those chilling calls in its investigation of the disturbing trend.
CSO: Average company losing $90 million to mobile fraud – The top authentication measure on companies’ to-do list is biometrics, which 47 percent of respondents said they were planning to require in the future, followed by phone-based authentication at 38 percent and soft tokens at 32 percent.
Credit.com: 6 Horror Stories of Elder Financial Abuse – She got a phone call from a “sweet-talker” and then received a letter with a Bank of America logo. The (English) was rather poor, but she fell for it anyway. (They said) they would deposit $3.5 Million in her account (which she doesn’t have with Bank of America) if she would send money.
Finextra: Fake bankers and police officers jailed for vishing frauds – Five men have been jailed for 17 years for a series of phone frauds in which they posed as police officers and bank staff to trick their victims out of thousands of pounds. The group stole more than £40,000 after they duped 11 people into handing over bank cards and PINs.
RSA Blog: The World is a Global Fraud Stage – We start by turning phones into sophisticated anti-fraud devices that systematically protect the users while ferreting out the bad guys with laser beams…ok, not really, but we can use biometrics, phone-based authentication and software tokens for two-factor authentication to protect end users.
ABC News: After Scammers Hijack Man’s Phone Number, Angry Calls Come Twice a Minute – Scam artists have hijacked my phone number. They are spoofing my name and home phone number on people’s caller ID when they make calls. This has resulted in hundreds and hundreds of incoming calls to my landline from their angry victims.
Patch: Lacey Woman Out $10,658 After Falling For Bogus Telephone Scam – The caller informed her that she owed taxes from the years 2000-2014 and needed to make payments. The caller advised her of different amounts of money that she owed and told her to purchase prepaid VISA Green DOT cards, Paprota said.
The Fiscal Times: Anthem Data Breach Means Fraud Alerts for 80 Million – The first thing you want to watch out for is someone using the information to trick a call center into letting them take over your existing accounts, said Avivah Litan, an analyst at Gartner Inc. This kind of “cross channel” fraud accounts for 30 percent of all fraud.
Pindrop Security: Case Study: Fraudulent Retail Orders in the Phone Channel – Phone fraud is a significant problem for retailers. In 2014, one major retailer estimated that 5% of all orders taken over the phone resulted in a chargeback. For the most popular brand name products, chargeback fraud was as high as 50%.
Times Union: Utah ‘anti-spoofing’ bill targets use of phony caller ID – A lawmaker wants to make it a crime to deceive someone who displays phony caller ID information. Rep. David Lifferth, said so-called “spoofing” services make it easy to appear to be calling or texting from a fake phone number to confuse or scam the recipient.
American Banker: Phishers Hone Their Scams with Texts, Phone Calls, Big Data – All of these schemes are being aided by the expanded availability of data and analytics. By combing the Internet, fraudsters can easily glean information about top executives at victim companies. They can find out who in a company is likely to handle invoices.
Krebs on Security: Hacked Hotel Phones Fueled Bank Phishing Scams – “Two separate Holiday Inns getting hijacked in such short time suggests there is a larger issue at work with their telephone system provider… This is just another retail terminal, and if they can’t secure their phone lines, maybe you shouldn’t be giving them your credit card.”
Global Dating Insights: Tinder, Bots, and Sextortion: The Latest Trends in Online Dating Fraud – As dating sites and singles have migrated to mobile over the past few years, so too have the dating scammers and fraudsters who leech off the industry. With the proliferation of apps like Tinder, a whole new pool of potential victims have surfaced.
Casper Star Tribune: Scammers use automated phone calls, pretend to be IRS agents – Using automated phone calls, scammers can make hundreds of calls. “How genius for them, because that way they weed out people who know it’s not real,” Blackburn said. “If you call back, they know they have you hooked. It’s an evolving scam.”
Mirror: Phone scam gang who stole £40,000 from elderly and vulnerable jailed for 17 years – The men persuaded victims to enter bank card PINs into their phone handsets, telling them “Don’t worry, we won’t know the number you’re putting in.” But the gang was using apps, which converted the ‘beep’ of the digits into a readable number.
AHA News: AHA advises hospitals to be alert for potential ‘vishing’ attacks – The AHA is advising hospital executives to beware of “vishing” calls targeting hospital executives after learning of a recent attempt to target one hospital. The callers attempt to gain personal SSNs for senior executives by posing as a representative of Medicare.
FICO Blog: CNP Fraud: A Few Bad Apples on the Road to EMV – Both the Dominos and ApplePay schemes show that fraudsters will exploit any weakness. The impacted institutions were quick to work to re-evaluate their authentication methods, but it points out the rapid and creative ways in which fraudster can attack weaknesses.
Detroit Free Press: Fraudsters go into overtime claiming to be from the IRS – “The scam is in fact becoming more prevalent around the country,” said Jay Mayfield, a spokesman for the FTC. Steven Toporoff, an attorney the FTC, said that it is highly unusual for a scam to take off to the extent that the fake IRS calls did last year.
Lancaster Online: Caller asks if he can “come over” in apparent phone scam – A man identified himself as from Publisher’s Clearinghouse. He told the woman she won $1,000. And then the call took a scary turn. “He asked if I was home,” she said. “He wanted to know if he could come over and deliver the prize; that I had to sign for it.”
Keep it Classic: Local startup profile: Pindrop Security – Each type of handset and each telephone network have their own unique audio characteristics. Caller ID can be spoofed to indicate that a request for a wire transfer of money is coming from Atlanta. But if the call is really coming from a Skype phone in Nigeria, Pindrop Security can tell.
Pindrop Security Blog: Phone Fraud as a Service – This is the new landscape of Phone Fraud as a Service (PFaaS). Modern criminals are approaching phone fraud with a business framework, outsourcing technical work and reconnaissance, creating easy to manage tools and cloud services, and even creating fraudulent call centers for hire.
San Francisco Chronicle: No, that is not really the IRS threatening to have you arrested – “They started targeting immigrants. As the months and weeks go on, it has gotten more pervasive and more sinister,” says IRS spokesman Raphael Tulino. There are variations on the scheme, but it starts with a random phone call, allegedly from the IRS.