Last weekend, Tesla Motors had their website and Twitter accounts hijacked. Attackers were able to take control with a simple phone call to Tesla’s phone service provider, AT&T. Someone posing as a Tesla employee convinced an AT&T customer support representative to forward calls to a non-Tesla phone number. This allowed the fraudsters to call Network Solutions (the registrar responsible for TeslaMotors.com) and use the forwarded number to add a new contact email address to the domain admin account. From there, fraudsters quickly took over Tesla’s accounts. The attack highlights the phone channel as a major vulnerability across industries.
On Thursday, NBC reported on a new phone scam taking advantage of news of recent improvements in the relationship between Cuba and America. Fraudsters are calling Cuban-Americans pretending to be a long-lost relative who is finally able to leave Cuba and is en route to America. The only catch? They need money to complete the trip. NBC’s report features an 89 year old grandmother who had hoped to be reunited with a sister she hadn’t seen in 20 years, but instead lost more than $1,000.
Full Breakdown of This Week’s Phone Fraud News
Pindrop Blog: Three Things We Learned at RSA 2015 – This year’s RSA Conference was bigger than ever. The Pindrop team stayed busy speaking to current and future customers and partners at our booth. We’re just starting to recover, which means its time to reflect on what happened this year, what we learned, and where we go from here.
West Midlands Police: Six charged with plotting ‘Courier Fraud’ phone scam – Five men and a woman have been charged with plotting a far-reaching phone scam that saw up to 100 elderly residents duped out of savings. They are accused of tricking victims into handing over bank cards, having posed as police officers.
AL.com: Listen to the phone scam Florence residents have been receiving – The caller claims to be from the “State Fraud and Worthless Check Division” and tells potential victims they borrowed money from a business and it has not been repaid. Police say the scammers request you to pay online by prepaid Western Union card.
Find Biometrics: Report: Face and Voice Biometrics Are Top Modalities – Market research firm Research and Markets has released a new report on the global facial and voice recognition markets. The outlook is good, the researchers say, as the technologies’ non-intrusive qualities give them an edge over competing modalities.
Techspective: Tighten security with risk-based authentication – Passwords alone are a weak form of authentication. Two-factor authentication makes it more secure, but less convenient. The solution may lie in risk-based authentication—a mechanism that approaches the authentication process from a smarter angle.
Forbes: How Tesla’s Site, App And Twitter Feeds Were Attacked Via AT&T – Over the weekend, Tesla’s site and a number of its Twitter profiles were hacked. The famous car brand has released details of what went down, which included some sneaky social engineering on behalf of the hackers, who abused AT&T customer support.
Security Week: Hackers Tricked AT&T, Network Solutions Employees in Tesla Attack – “Posing as a Tesla employee, somebody called AT&T customer support and had them forward calls to an illegitimate phone number. The impostor then contacted the domain registrar company that hosts teslamotors.com,” said a Tesla spokesperson.
Business Insider: Hackers used a surprisingly simple method to access Tesla’s website and Twitter account – In general, hacking is a precise and honed skill that requires a deep understanding of computer networks and code. But sometimes literally zero code is required whatsoever, and hackers can use only a phone and their own relentlessness to get the job dones.
San Diego Union-Tribune: 2 sentenced in $13M scam to defraud homeowners – A total of 13 defendants, including telemarketers from the firm’s call center, have now been sentenced in connection with the scam, which targeted homeowners nationwide. The case was investigated by the FBI and the Internal Revenue Service
Palm Beach Post: West Palm Beach woman on trial in massive timeshare fraud – What the telemarketers said to get the credit card numbers of timeshare owners throughout the country was that buyers had been found for their units. All the unit owners needed to do was give their credit card numbers to cover $2,996 in closing costs..
FTC Blog: How to help the earthquake victims in Nepal – Urgent appeals for aid that you get by phone may not be on the up-and-up. Unfortunately, legitimate charities face competition from fraudsters who either solicit for bogus charities or aren’t entirely honest about how a so-called charity will use your contribution.
USA Today: Swatting away prank 911 calls irritating for cops, lawmakers – This is a demented, evil act that puts people at risk of significant injury or death, said Assemblyman Paul Moriarty, who introduced an anti-swatting bill in November, “not to mention that these types of activities divert police to take fake calls to incidents that don’t exist.”
The Herts Advertiser: 70 year old Harpenden man falls victim to phone scam – Between 1pm-4pm the Harpenden man was contacted by a caller claiming to be from the Visa fraud department. The caller stated that the man’s card had been fraudulently used in London, and told him they needed his PIN and bank cards to investigate.
The Morning Call: School Employees Targeted by Scam – Public school employees and retirees are being targeted with a phone scam that alleges there’s a problem with their retirement benefits. The Public School Employees’ Retirement System warned members about calls from individuals claiming to be with the IRS.
The Hindu: Delhi-based ‘vishers’ held for swindling cash from cards – The modus operandi of the suspects was to ring up cardholders claiming that they were calling from the ‘bank’s customer care’ to raise the credit limit or renew the cards. After obtaining the card details, they would swindle the money.
Hartford Courant: Letter to the Editor: Can’t Really Stop Robocalls? – I just would prefer it if the government would not pretend that it can do anything to stop the calls. If there was a way to automatically transfer the calls from our phones to our federal representative or senator, then I think a solution would appear in 24 hours or less.
Trefor.net: Caller ID Is Broken – There was once a time when people trusted the number that showed up on their Caller ID. Phone companies charged extra for the service. Even banks allowed you to activate your credit card just by calling from a registered phone number. That is no longer the case.
Fay Observer: Moore hospitals warn of phone scam – Hospitals in he Cape Fear region are warning their patients about a phone scam in which a caller poses as a hospital official attempts to obtain personal information. The callers have identified themselves as employees of FirstHealth of the Carolinas.
WAND 17: University police warning public of phone scam – According to authorities, students are called and told that they must pay money or face being arrested and deported. The caller then says the student must make a payment within 10 minutes, or police officers will arrest the student on a warrant that has been issued.
Mortgage Professional America: Two headed to jail for massive mortgage scam – In the scam, telemarketers falsely promised homeowners that an “attorney retainer fee” of about $3,500 would be held in trust until clients were satisfied with their service, and that clients were protected by a money-back guarantee.