Hello there! Usually, I write about topics concerning technical support or problem-solving, but not this time – though it will be relevant to the cybersecurity world. Today’s post concerns phone fraud. I read a lot of articles on racketeers, and I know their methods in theory, but this is about the very first time I encountered them in the wild.
It all started with my Mom calling me at 12.30 a.m. I had been enjoying a second solid hour of sleep by that time, so her very first question surprised me just a tad.
“Rodion, where are you?” I was still half asleep so it took me a moment to figure out the correct response. Then I assured Mom I was in bed, sleeping, and this wouldn’t change for at least several hours. Then I asked, “What happened?”
What happened was the following: In the dead of the night, a guy called her on the landline phone and said in a weary voice: “Mom, I got into an accident. I need your help. I’ll pass the phone to the officer, he’ll fill you in.”
Then the “police officer” took over and referred to himself as Alexander.
Mom: “What happened?”
Alexander: “Your son has run over a woman. He is facing serious charges. Are you going to help him?”
Mom: “Sure, how much would that be?”
Alexander: “100,000 Rubles (it’s about $2000 at the moment).”
Mom: “Where is he?”
Alexander: “Do you need the exact address?”
Mom: “Yes, the address I need to bring the money to.”
Unfortunately for “Alexander,” he and his partner had just tried to impersonate someone who works in the sphere of information security, and his Mom knows a lot about the stuff. So, while Mom was having this discussion with Alexander the Policeman, she was also dialing me on her mobile to clarify a couple of facts. Well, as soon as I answered the phone, the fraudsters hung up.
I talked to Mom and reassured her she had nothing to worry about, and I was filled with pride upon hearing how cool-headed she was when talking to the fraudsters. As soon as the dust settled, she called the real police.
Many people who face such a situation don’t consider a call to the police an option, at least in Russia. They think that they would be laughed at or ridiculed — but let me assure you it’s not the case. When we called the precinct, the first thing we were told was that under no circumstances should we transfer money, and that Mom should immediately revoke the payments if they had already been executed.
The police treated the matter with the utmost care and seriousness and sent an investigator directly to Mom’s home. He arrived at 4 a.m. (!), took her statement, briefed her on similar cases of fraud and instructed her on how to behave in circumstances like those.
Now, it’s time to analyze. The aforementioned situation is not a rare case, and fraudsters employ varied channels, including phone, SMS, email, social networks, popular messengers (like Skype), etc.
I can’t assess why a person would go to these lengths to make an easy buck. These people don’t ever think of the possibility that their intended victim might have a heart condition and such a stunt might cause an attack. Anyway, making money on others’ fears is detrimental for karma, or whatever counterpart of this ethical concept you believe in.
But let’s leave aside the philosophy and get down to business. Fraudsters like those we encountered try to play the family or friendship card. What parent or friend would neglect a grave situation and refuse to help? A fraudster will try to bully, scare, or confuse their victim, so the unfortunate interlocutor would bring them money without asking too many questions.
However, there’s one thing you should bear in mind. Usually, choosing a target for such social engineering tricks is a completely random process. It might be that scammers laid their hands on a database of phone numbers and started to approach all of them on a carpet-bombing principle.
With so many addressees available, they have a solid chance of finding a random mother who has a son, who, in turn, drives a car.
But even with such a high degree of probability, the scammers know neither the son’s name nor the brand of the car. All in all, they don’t know anything about the people they are about to trick.
Of course, there are exceptions, but mostly, it happens just the way I described above. Consequently, in order to make the fraudster back off, the very first thing you need to do is switch off your emotions (of course, it is challenging when you hear shocking news) and try to ask a question that a fraudster would not be able to answer.
For instance, in our case, my Mom could have asked which of her sons they meant. The culprit would have tried to avoid answering or been forced to abandon his initial plan, but in the end he would not be able to name the son in question. Then the ‘police officer’ would never even have started to talk. Another question could have been: Who are you calling?
The second recommendation: regardless of how the ‘shocking news’ was conveyed to you, try to reach the person who allegedly got into trouble. This is just what my Mom did. As soon as the scammers realized their victim had not lost control and continued to analyze the situation, they immediately lost their confidence and hung up.
A phone call is much more difficult to handle in terms of emotions than SMS, messengers or other text-centric channels: you could be unable to use another phone for fact-checking, whereas the culprits would use their entire social engineering arsenal, from tone of voice to acting talent. So, the main thing here is handling your emotions.
Here is an anti-fraudster playbook which will help you to ensure the scammers don’t take advantage of you:
- Don’t panic!
- Don’t accept anything at face value!
- Don’t transfer money!
- Try to get in touch with the person in question (i.e. with the one on whose behalf the fraudster pretends to communicate).
- Ask detailed questions that only your real relative or friend would be able to answer.
- Last but not least, call the police! This is the only means of making society comprehend the problem of scamming and making this world a bit safer. This does not only include fake calls or SMS messages with pleas to transfer some money and help with some grave problem. It equally has relevance to ransomware or Windows blockers, which Kaspersky Lab products can easily deal with. All these threats are small bricks in the enormous Evil Tower, which we need to rock and demolish.
I am pretty sure there are other ways to fight off the scammers. Let’s share our experiences and tips in the comments to this post. So, all of you, have good nights, be cool-headed and enjoy pleasant phone calls from your relatives and friends! Together, we will take down any threat and make this world a safer and more pleasant place to be.