Not All Attacks Are Cyber Attacks – Watch For Phone Scams Too

As long as we are on the subject of telephone fraud, here is a post inspired by a recent article from Naked Security.  It reminded me that not all attacks are high-tech cyber-attacks.  The phone is still an effective tool used by criminals to extract cash from their victims, and the losses can be in the thousands.

Here are some different scams run by these scammers:

  • Tech support scam:  Callers identifying themselves as “Microsoft techs” convince victims their computer is infected, and for a fee (usually $300) they can fix it.  A variation is the browser pop-up that tells victim to call a toll-free number for immediate technical assistance.  Whether they call you or you call them – it is ALWAYS a scam.
  • IRS tax scam: Individuals in call centers impersonate IRS officials.  They tell you that you owe back taxes, and unless they are paid immediately, a sheriff’s deputy will be sent to arrest you.  Recently a call center in India was arrested for perpetrating this fraud.
  • Immigration scam: By impersonating officers from the US Immigration and Customs Enforcement, they mislead victims into paying a fine for “paperwork errors.”   They are told failure to comply would lead to deportation.
  • Credit card CVV scams:  Callers who are impersonating VISA or MasterCard security officers already know your credit card number.  To use the card number, they need you to tell them the three digit CVV from the back of your card.  Never give your CVV or credit card number to someone who called you.
  • Payday loan scam: Posing as loan officers and offering payday loans, which would be linked to their next check – often a Social Security check. The victim would pay a “worthiness” fee to demonstrate “ability to repay the loan”.
  • Government grant scam: Similar to the payday loan scam, the caller would offer the victim a government grant, and pay an upfront “IRS tax” or “processing fee”.
  • Police officer fine scam:  A caller representing themselves as a police officer will claim your grandson or some other family member has been arrested for a crime, and will offer to settle the case for the payment of a fine.  The fine may be several thousand dollars.  Usually the caller will require payment in untraceable Western Union or Green Dot scratch-off cards, that can be purchased in many grocery and convenience stores.

I have personally known several people who have fallen for these scams, and it is often impossible to get the funds returned.  I have seen people give their bank routing and account number to scammers, which gave the scammers access to their entire bank balance.

As a matter of good operational security, I will not give my credit card number or any other personally identifying information to some who has called me.  If I don’t know you, the call will be short and over.  Since Caller ID numbers can be spoofed, I have no way to know if the caller is really who they claim to be.  Even when I get the occasional call from the credit card security department, I always confirm the information they are telling me with what I can discover online on my credit card account.  Don’t let yourself be fooled by these fast-talking tricksters.  When in doubt, hang up.

More information:


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.