Not All Attacks Are Cyber Attacks – Watch For Phone Scams Too

As long as we are on the subject of telephone fraud, here is a post inspired by a recent article from Naked Security.  It reminded me that not all attacks are high-tech cyber-attacks.  The phone is still an effective tool used by criminals to extract cash from their victims, and the losses can be in the thousands.

Here are some different scams run by these scammers:

  • Tech support scam:  Callers identifying themselves as “Microsoft techs” convince victims their computer is infected, and for a fee (usually $300) they can fix it.  A variation is the browser pop-up that tells victim to call a toll-free number for immediate technical assistance.  Whether they call you or you call them – it is ALWAYS a scam.
  • IRS tax scam: Individuals in call centers impersonate IRS officials.  They tell you that you owe back taxes, and unless they are paid immediately, a sheriff’s deputy will be sent to arrest you.  Recently a call center in India was arrested for perpetrating this fraud.
  • Immigration scam: By impersonating officers from the US Immigration and Customs Enforcement, they mislead victims into paying a fine for “paperwork errors.”   They are told failure to comply would lead to deportation.
  • Credit card CVV scams:  Callers who are impersonating VISA or MasterCard security officers already know your credit card number.  To use the card number, they need you to tell them the three digit CVV from the back of your card.  Never give your CVV or credit card number to someone who called you.
  • Payday loan scam: Posing as loan officers and offering payday loans, which would be linked to their next check – often a Social Security check. The victim would pay a “worthiness” fee to demonstrate “ability to repay the loan”.
  • Government grant scam: Similar to the payday loan scam, the caller would offer the victim a government grant, and pay an upfront “IRS tax” or “processing fee”.
  • Police officer fine scam:  A caller representing themselves as a police officer will claim your grandson or some other family member has been arrested for a crime, and will offer to settle the case for the payment of a fine.  The fine may be several thousand dollars.  Usually the caller will require payment in untraceable Western Union or Green Dot scratch-off cards, that can be purchased in many grocery and convenience stores.

I have personally known several people who have fallen for these scams, and it is often impossible to get the funds returned.  I have seen people give their bank routing and account number to scammers, which gave the scammers access to their entire bank balance.

As a matter of good operational security, I will not give my credit card number or any other personally identifying information to some who has called me.  If I don’t know you, the call will be short and over.  Since Caller ID numbers can be spoofed, I have no way to know if the caller is really who they claim to be.  Even when I get the occasional call from the credit card security department, I always confirm the information they are telling me with what I can discover online on my credit card account.  Don’t let yourself be fooled by these fast-talking tricksters.  When in doubt, hang up.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.