full
border
#666666
https://www.pindrop.com/wp-content/themes/zap-installable/
https://www.pindrop.com/
#eb735c
style1

Archive for the ‘Phone Scam Breakdown’ Category

Phone Security Issues

22
Feb

The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scam

You’re a small business owner running a website through a popular hosting site. You have purchased the unique URL that fits your company, and you set up your website. You muddle your way through figure out SEO, mphone-scam-breakdowneta tags, and keywords to get your website found upon a quick Internet search. Then, from a local number, you get a phone call from a Google specialist claiming they have a front page position for your business with unlimited clicks, 24 hours a day. Your business is struggling to gain traction on the Internet so you immediately press one at the behest of the specialist. You set your website up with the Google specialist. Quick and easy, you pay the local specialist for the front page spot and you hang up.

What Really Happened

You realize shortly after hanging up with the Google specialist that your website is not displayed on Google’s front search page. You also realize that several withdrawals have been made from your account that you have not authorized. Soon after, you catch on to what has happened. You’ve been scammed, and the fraudsters stole your credit card information. How did this happen?

  • Robocalling – Scammers use robocalls to attack a multitude of people quickly while also being able to conceal their identity and location through Caller ID spoofing
  • Vishing – Fraudsters use the phone channel to persuade victims to divulge sensitive information, like credit card numbers, to initiate account takeovers
  • Impersonation – by falsely implying that they are associated with Google, they are gaining your trust and/or intimidating you with their importance

 

Google Listing Scam Examples

Another day, another “Google Listing” call – A variation of the robocalls surrounding the Google Listing scam. According to Pindrop Labs research, there are 8 variations of robocalls connected to this scam.

Avoid and report Google scams – A list of scams tied to the Google name.

Pindrop Labs presents Emerging Consumer Scams of 2016 – Pindrop Labs has researched and discovered the 5 emerging phone scams effecting consumers in 2016, including the Google Listing Scam, and will be presenting a webinar on these findings on Wednesday, February 24th from 2:00-2:30pm ET.

 

 

 

07
Feb

The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scam

It’s a chilly January day. You’ve been busy hitting the ground running on your New Years resolutions, getting back into the daily grind at work, or stocking your pantry for impending snow storms. One day in the midsts of all the hustle and bustle, you receive this call:

“You may already know effective January 1st of this year, federal law mandates that all Americans have health insurance. If you missed open enrollment, you can still avoid tax penalties and get covered during the special enrollment period, often at little or no cost to you.”phone-scam-breakdown

Oh no! Open enrollment has ended and you haven’t signed up for health insurance. You don’t want to be penalized on your taxes so you quickly press one for more information. Soon after you have selected the healthcare plan right for you, paid with your credit card, and avoided all penalties… or so you thought.

What Really Happened

Scammers used a fake robocall to gain your personal information including social security number, your bank account, and your address. With this information, these fraudsters racked up purchases on your credit card and opened new accounts.  Because the insurance you thought they offered you was made up, you also are penalized for being uninsured come tax time. Attackers have successfully stolen your identity using the following tactics.

  • Robocalling – Scammers use robocalls to attack a multitude of people quickly while also being able to conceal their identity and location
  • Confusion – You’ve heard something about Obamacare and tax deadlines, but you haven’t paid much attention to the details. Fraudsters take advantage of your confusion.
  • Cross-channel Fraud – Fraudsters use many different channels to extort sensitive information. In the case of the Healthcare Scam, fraudsters use the phone channel to collect personal information, and use that information in other channels, like online or in the call center.

Healthcare Scam Examples

5 Obamacare Scams and How to Avoid Them – In addition to offering healthcare, scammers will also tell victims they can get lowered insurance rates, pretend to be government agents, or even offer nonexistent “Obamacare cards”.

Expert Warns about Healthcare Scammers – Brownsville, TX – fraudulent robocallers warn residents about $695 penalty for not enrolling in heathcare.

State Warns of Multiple Scams and Fraudulent Practices in Oregon – Phone scammers are preying upon the financial troubles of Moda Health, calling and intimidating those using Moda as their primary insurance carrier.

 

25
Nov

The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scamphone-scam-breakdown

Ah, tax day. The chore of rounding up your W-2’s and taking them to your accountant to look over has come. Luckily this year you don’t owe too much.  Your write your check, mail it off, and you’re done.

A day or two later you get a call from the IRS. Your accountant messed up and instead of a couple hundred, you owe a couple thousand. If you don’t pay right now over the phone there will be a warrant out for your arrest. You quickly run to your wallet to pull out your card and give the number to the man on the phone. Thank goodness the IRS was able to take your payment over the phone so easily.

Here’s What Really Happened

Wait, the IRS can just call you asking for payment over the phone? Absolutely not. In this consumer scam, attackers are calling all sorts of people who inevitably just finished their taxes. Using scare tactics and threats, these fraudsters can convince victims they are in fact a representative of the Internal Revenue Services to get large sums of money quickly.

  • Reconnaissance – These scammers can easily look up phone numbers via the Internet, Facebook, or other social sites. This method is easy for fraudsters with high payoff.
  • Intimidation –  Using scare tactics, forceful language, and involving the cops in an effort to spook consumers is an effective means of getting someone to pay up phony amounts.
  • Card-Not-Present Fraud –  Now that you’ve given your credit card information to a scammer, they can now rack up charges using your card number beyond the fraudulent tax charges.

The IRS Scam in the News

Tax Scams/Consumer Alerts The IRS has released statements warning consumers of several different IRS impersonation scams

IRS Phone Scammers are Steal Millions from Victims As this scam spreads throughout the United States, millions are being taken from unsuspecting victims

Five Easy Ways to Spot a Scam Phone Call The IRS has tips to spot and avoid this scam

17
Nov

The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scam

You’re a call center representative for major telecommunications carrier. Days are pretty easy, you help customers troubleshoot problems and use KBAs to help identify customers to help them. Sometime in the afternoon you get a call from one of your co-workers who is having a technical issue. No worries, this sort of thing happens all the time. After verifying that he had his employee ID number, you help your fellow call center rep get an account number, PIN,phone-scam-breakdown email address, and other information to fix the issue. You pack your things up, turn off your computer, and head off. Another day’s work complete.

 

Here’s What Really Happened

Little did you know that co-worker of yours wasn’t actually an employee, he was a high school hacker, and that information you helped get belonged to a minor internet celebrity. From there the hacker got access to the victim’s email account and found numerous documents, including personal emails, contact lists, phone logs, and even social security numbers. So how did this happen?

  • Social Engineering – The high schooler was able to trick several call center representatives into divulging sensitive information all by finding the victim’s phone number online and locating the provider associated with that number. He was able to pass several knowledge based authentication questions (KBAs) just by looking on the Internet.
  • Reconnaissance – The caller knew that you would need his employee ID number to get him the information he needed. That means he’d already done his research, making test calls, or searching online, to learn what format to make his own fake id number believable.
  • Cross-Enterprise Attacks – Wait – who got attacked here? You gave out the information, but the fraudster was actually hacking into an account at an entirely different company.

 

Employee Impersonation Scam Examples

The Employee Impersonation Scam can happen to anyone.

How a Teenager Hacked the CIA with Just a Few Phone Calls

High school student uses social engineering to hack CIA Director’s personal AOL account

Using Only His Phone, Man Scams 217 Macy’s Stores Into Issuing Fraudulent Refunds

In September, the FBI arrested a man for calling Macy’s department stores and impersonating the “Director of Customer Service.” With a few phone calls, he was able to get refunds for products never actually purchased.

How Scammers Are Stealing Xbox Live Accounts

Anonymous hackers explain how they impersonate Tech Support agents to take over Xbox Live accounts.

10
Nov

The first step in protecting against phone scams is understanding how they work. That’s why in this series, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

phone-scam-breakdownThe Scam

Imagine its a Saturday afternoon. You’re catching up on some Netflix shows, and then you get a call from an unknown number.

The man on the phone tells you he has your brother and he’s going to hurt him if you don’t pay up. You say you’re going to call your brother and the man tells you if you do, he’s going to shoot him in the leg.  In the background, you can hear screaming, you’re sure its your brother.

The kidnapper asks how much money you have in your account, you tell him a little over a $1,000. He says if you don’t wire that money immediately, he’s going to kill your brother. In a panic you rush to the store and wire all the money you have to pay the ransom.

Thank goodness your brother is safe.

Here’s What Really Happened

You wait a day to call your brother, like the kidnapper told you. You asked him about the kidnapping, if he was ok, did they hurt him… but he has no idea what you’re talking about. He went on a date to the movies yesterday, he wasn’t kidnapped. You were scammed out of every penny in your bank account.

How did this happen? Well, fraudsters used several techniques to find information about you.

  • Social Media Reconnaissance – Attackers use social platforms such as Facebook to gather info on you, your family, and even the places you go regularly. With a few quick clicks on your profile, a scammer can find out who your siblings are, how you like to spend your weekends, and what your brother’s plans are.
  • Intimidation – Attackers will use intimidation and fear tactics to scare victims into believing their stories so they will give into demands.
  • Wire Transfer – Scammers will tell worried family members to wire money. Little do they know using phony accounts and details, this money can be accessed from anywhere making it hard to catch the attackers.

Kidnapping Scam Examples:

FBI Warns of Telephone Extortion Scam 

In September 2015, one family was targeted in California. Claiming to be a part of a Mexican drug cartel, the fraudsters demanded money in return for the victim’s brother. Luckily, the victim was able to get in touch with their loved one and was able to hang up on the attacker before any money was lost. The FBI are now involved due to the increase of this kidnapping scam in California, Nevada, and New York.

Virtual Kidnapping Scam Targeting Tourists

According to the FBI’s Special Agent Erik Arbuthnot, the virtual kidnapping scam is now targeting tourists. In July of this year, it was reported that US citizens are being targeted as they travel abroad by attackers who use drug cartel names as a means of legitimacy to intimidate and eventually trick victims into handing over money to get their loved ones to safety.

Virtual Kidnapping Scam on the Rise in New York City

New York City is seeing an increasing amount of the virtual kidnapping scam since January. The FBI warns residents of this scam, as well as gives a few red flags to watch out for.

30
Jul

phone-scam-breakdownThe first step in protecting against phone scams is understanding how they work. That’s why we’re starting a new series on the blog, breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

The Scam

Your grandmother is the sweetest, kindest, best grandmother you know. She’s always there to bake you cookies, knit you a sweater, and send you a birthday card with a little cash in it. She’s always looking for little ways to help out her favorite grandchild.

So, it’s no wonder you called her last week when you got in trouble with the law. You had been traveling overseas, and got arrested – it was all a big misunderstanding. You couldn’t go into details just yet, as you didn’t have much time, and the connection was spotty. You just needed her to quickly wire some money to pay your bail. Of course, she ran straight to the store to send it.

At first she thought it was strange when she saw you last week and you didn’t thank her for the money or mention the trip. But then she decided you must not have wanted your parents to know about the arrest, so she played along and kept quiet about it too.

Here’s What Really Happened

Of course, you weren’t really arrested overseas. In this common attack, scammers prey on grandparents, who may not always be up to date on where their twenty-something grandchildren are. Scammers call, pretending the grandchild has gotten into some trouble and needs cash quickly. The complicated social dynamics of the situation mean that many grandparents never even realize that it was a scam, or don’t want to admit that they’ve been conned because it could mean they lose their independence. According to the FTC, only about 8 percent of victims report this scam.

A few of the techniques fraudsters use for this scam are:

  • Social Media Reconnaissance – Scammers do their homework on your family, checking social media profiles and other online sources to learn grandchildren’s names, and sometimes even their travel plans.
  • Intimidation – Con artists use scare tactics to intimidate grandparents into paying quickly. They might imply that the grandchild is in physical danger or living in bad conditions in a jail overseas.
  • Wire Transfers – Scammers typically ask grandparents to send a wire transfer. With a reference number and a phony ID, they can retrieve that money anywhere. Because wiring money is like sending cash, once the grandparent sends it, they can’t get it back.

Grandparent Scam Examples

The Grandparent Scam – In April, the New York Times ran a personal essay from novelist Christine Sneed. Sneed recounted the story of how fraudsters called her grandfather, pretending that she had lost her passport while traveling in Spain. Her grandfather wired $6,000 to help. But when he found out it was a scam, he lost his trust in the phone, and no longer took his granddaughter’s calls.

Guilty Plea in Scam That Targeted Grandparents Nationwide – Last week, a New York City man admitted to taking part in a grandparent scam that swindled 17 people out of thousands of dollars. The callers tricked victims by saying a grandchild had been arrested on drug charges.

Grandmother Out $7,000 in ‘Grandparents’ Scam – In this scam, the attackers didn’t even know the name of the 81-year old woman’s grandchildren. Instead he simply said “Grandma – It’s me” before handing the phone over to a man claiming to be a lawyer needing payment.

27
Jul

phone-scam-breakdownThe first step in protecting against phone scams is understanding how they work. In this series of blog posts, we’re breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

**For more information on how phone fraud affects banks, register for our upcoming webinar, “Bank Fraud Goes Low Tech

The Scam

Imagine that you’re a customer service agent at a banking call center. You receive a call from someone who sounds a bit like a chipmunk. You talk to so many people every day that it’s nothing too out of the ordinary. Before you can start helping the customer, you must verify her identity. You ask for the customer’s mother’s maiden name.

“My father was married three times, so can I have three guesses?” replies the customer.

“Of course,” you reply with a smile. She gets it on the third guess – It was Smith.

After that, the customer, who tells you she is recently married, just needs help with a few quick account changes: mailing address and email address. She checks on the account balance and ends the call. You wish all of your calls were this easy.

Here’s What Really Happened

A month later, the newlywed’s account is cleared of money. It turns out, she wasn’t a newlywed after all. She hadn’t changed her address or her email. Instead, the person you spoke to on the phone was an attacker, performing the first steps in an account takeover. After changing the contact information on the account, the attacker got into the customer’s online banking and changed her passwords and PIN numbers. It wasn’t long before the attacker began to steal funds from the account.

It’s called Account Takeover Fraud, but it actually combines several popular scam techniques:

  • Voice Distortion – Attackers have many tools for changing the way their voice sounds over the phone. They may be trying to impersonate someone of the opposite gender, or simply attempting to avoid voice biometric security measures. Less sophisticated attackers sometimes go overboard on this technique and end up sounding like Darth Vadar or a chipmunk.
  • Social Engineering –Think of social engineering as old-fashioned trickery. Attackers use psychological manipulation to con people into divulging sensitive information. In this scam, the attackers acted friendly, and jokingly asked for extra guesses on the Knowledge Based Authentication (KBA) questions.
  • Reconnaissance – Checking an account balance for a customer may seem like a low-risk activity. But this is exactly the type of information that an attacker can use in later interactions to prove their fake identity. Pindrop research shows that only 1 in 5 phone fraud attempts is a request to transfer money. Banks that recognize these early reconnaissance steps in an account takeover can often stop the attack months ahead of time.

Account Takeover Fraud in the News

In Wake of Confirmed Breach at Home Depot, Banks See Spike in PIN Debit Card Fraud – Home Depot was quick to assure customers and banks that no debit card PIN data was compromised in the break-in. Nevertheless, multiple financial institutions contacted by this publication are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts.

Account Takeovers Can Be Predicted – Apart from collecting publicly available information about the victim, generally posted on social networking websites, cybercriminals resort to contacting call centers in order to find something that would help in their nefarious activities.

Time to Hang Up: Phone Fraud Soars 30% – Phone scammers typically like to work across sectors in multi-stage attacks. This could involve calling a consumer to phish them for bank account details and/or card numbers; then using those details to call their financial institution to pass identity checks and thus effect a complete account takeover.

**For more information on how phone fraud affects banks, register for our upcoming webinar, “Bank Fraud Goes Low Tech

24
Jul

phone-scam-breakdownThe first step in protecting against phone scams is understanding how they work. That’s why we’re starting a new series on the blog, breaking down some of the newest and most popular phone scams circulating among businesses and consumers. 

The Scam

Imagine that you’re a senior executive at a law firm or hedge fund. It’s the end of a long week at the office. Just as you’re about to hit the road, you answer one last phone call. It’s your company’s bank. They tell you that they’ve detected fraudulent activity on your account. This sounds like it’s going to be a pain to take care of.

Fortunately, this counter-fraud team seems to have everything under control. They already have most of your information. They just need to verify a few details, including your online security code, and they can cancel the suspicious transactions. You give them the information they need and head home, making a note to check in on what happened when you get back on Monday.

When you arrive back at the office the next week, you log into you firm’s online bank account to check that the fraud transactions were canceled. Instead, you see that more than a million dollars has gone missing…

Here’s What Really Happened

It turns out that wasn’t actually your bank calling on Friday afternoon. It was an attacker. When you “verified” your online security details, you were actually giving the attackers everything they needed to take over your company’s account. After you left the office, they logged in and transferred the money out of your account. They know that Friday afternoon is when conveyancing transactions are completed, so by the time everyone returns to the office on Monday, that money is long gone.

It’s called the Friday Afternoon Scam, but it actually combines several popular scam techniques:

  • Spear Phishing / Spear Vishing – Unlike many phone scams, which cast a broad, random net, spear phishing or spear vishing attacks are extremely targeted. The attacker will often do extensive research on a single executive in an attempt to steal intellectual property, financial data, or other trade secrets. Here, the attackers are specifically targeting CFOs and other high level financial executives.
  • Social Engineering –Think of social engineering as old-fashioned trickery. Attackers use psychological manipulation to con people into divulging sensitive information. In this scam, the attackers call on a Friday afternoon, knowing that the executive will be distracted.
  • Bank Impersonation – By pretending to be calling from the company’s bank, the fraudsters were able to gain the executive’s trust fairly easily. Attackers can impersonate a bank by doing reconnaissance work to learn which bank the company uses and spoofing that bank’s Caller-ID. Often attackers will transfer the call to a ‘manager’ in order to make it seem more legitimate.

Friday Afternoon Scam Examples

A London Hedge Fund Lost $1.2 Million in a Friday Afternoon Phone Scam – Last week, Bloomberg reported on this scam, which targeted Forelus Capital Management LLP’s CFO, Thomas Meston. As a result, Meston was terminated and is now being sued by the funds. The firm claims he breached his duty to protect the firm’s assets.

SRA Warns of ‘Friday Afternoon Fraud’ Risk – Earlier this year, The UK’s Solicitors Regulation Authority reported that it had been receiving four reports a month of law firms being tricked by Friday Afternoon Scams. Law firms reported an average $500,000 loss per scam.

 

 

 

21
Jul

phone-scam-breakdownThe first step in protecting against phone scams is understanding how they work. That’s why we’re starting a new series on the blog, breaking down some of the newest and most popular phone scams circulating among businesses and consumers.

**For more information on how phone fraud affects retailers, register for our upcoming webinar, “The State of Retail Phone Fraud.

The Scam

You work in a call center as a customer service representative for a retailer with lots of big customers – maybe colleges and universities, hospitals, or construction companies. These customers typically make large, bulk orders, and they can come from many individuals or departments within the companies.

It seems like business as usual when one of your biggest customers calls to get a quote for a bulk shipment of toner and electronics. Once you deliver the quote, you get the purchase order, requesting Net-30 payment terms. Everything looks normal, so you process and ship the order.

Here’s What Really Happened

That order was really placed by a scammer, who probably found your real customer’s details online. To receive the products, the scammer may have changed the customer’s usual shipping address. Alternately, he may have called the customer directly, claiming that the order had been incorrectly shipped to them and offering to send a courier to pick it up. Because of the Net-30 terms, there is a full 30-day window for the scammers to get away with their crime – plenty of time to pick up the shipment and resell the goods on the black market.

A few of the techniques these attackers use for purchase order scams are:

  • Cross-channel fraud – Attackers combine email and phone communications to better impersonate real customers. Attackers often set up fake email accounts that look like they are coming from a real customer, then follow up with a phone call to complete the order.
  • Courier fraud – It’s hard to say no when there’s a legitimate looking courier at your door. Attackers often send couriers to physically pick up fraudulently purchased goods.
  • Reconnaissance – Many large organizations like universities or hospitals have easy to access corporate information posted publically on the company’s domain. This is all the information attackers need to generate a very real looking purchase order.

Retail Purchase Order Scam Examples

Purchase Order Scam Leaves a Trail of Victims – Last Fall, the FBI issued an official warning about purchase order scams. Investigators found approximately 400 actual or attempted incidents that targeted some 250 vendors, and claim nearly $5 million has been lost so far.

Purchase Order Scam Targeting University Suppliers – CSO magazine reported a rash of scams targeting universities, going back as far as May 2013. The article includes links to official warning from Ohio State University, Penn State University, Texas A&M and more.

Purchase Order Scams Now Targeting Construction Suppliers – Earlier this year, KGC Inc, an industrial and commercial construction company reported falling victim to the purchase order scam. Scammers impersonating the company attempted to place orders for $25,310 worth of equipment.

**For more information on how phone fraud affects retailers, register for our upcoming webinar, “The State of Retail Phone Fraud.

 

default
Loading posts...
link
#5C5C5C
on
loading
off