How “Silent Calls” Lead To Identity Theft
We’ve all had the experience of answering a phone call only to hear nothing. Typically, we just hang up and shrug. But those “silent calls” are the first step in well-organized campaigns to steal identities and bank account balances. Here is how these scams work, and what you should do to protect yourself…
The Dark Side of Robocalling
“Hello? Hello? Anybody there?” That first, silent call is just a probe to see if a phone number is in active use. Automatic dialing machines place tens of thousands of silent calls per day using free or dirt-cheap Voice-over-IP technology.
Software “listening” on the caller’s end can tell the difference between a “not in service” recording and your puzzled “Hello?” or even a human cough. Phone numbers identified as active are passed to another robocalling system for followup calls that usually come days later.
The next robocall will feature a recorded voice saying something like this: “This is an important message regarding your debit card. If you are the cardholder, press 1 and stay on the line. Otherwise, please have the cardholder call us at 1-800…”
In case you’re thinking about ignoring these demands, the recording warns, “A temporary hold may have been placed on your account. It will be removed after you have verified account activity.”
If you follow orders, you’ll be guided through the process of providing your account number, PIN, birth date, the card’s expiration date, and even your Social Security Number to a machine. There is no “live agent” to argue with; just provide the required information and don’t hang up, or “your access to funds may be delayed.”
Why Do People Fall For This Scam?
Reading about it here, this process seems obviously bogus, a trick that no reasonably cautious person would fall for. But in real life, it works often enough to be worthwhile for the scammers. Many banks use robocalls to authenticate unusual activity on customers’ accounts. Paypal does it. These legitimate robocalls lend credibility to the phishing calls. So phone-phishing is big business.
Illegal automated calls are the number one source of complaints filed with the Federal Trade Commission. The agency receives an average of 170,000 complaints about robocalls every month!
Once the robocalling machines have pried enough information from a victim, it is turned over to human fraudsters. Experts at social engineering call financial institutions pretending to be cardholders. A simple question like, “What is my available balance?” identifies the big fish. Then the fraudster cons a customer service rep into changing the account’s mailing address, and the theft is complete.
Banks and credit card companies are fighting back with the help of companies like Pindrop Security, an Atlanta-based firm that specializes in phone fraud detection and advanced caller-authentication systems.
Ordinary caller-ID and Automatic Number Identification (ANI) technologies are virtually worthless for authenticating callers. Fraudsters long ago figured out how to spoof caller-ID and ANI data so that they can appear to be calling from any number, including a prospective fraud victim’s. I've noticed in the past few months that most of the robocalls I've received are coming from numbers that appear to be local.
What's a Phoneprint?
Catching spoofed calls is job number one. So Pindrop has developed a Fraud Detection System (FDS) that analyzes an incoming call to generate a fraud risk score based on the caller’s location, device type, and 150 other subtle characteristics. If this Phoneprint™ profile doesn’t match up well with the caller-ID and ANI information, the call is flagged as a “potential spoof.”
Suspicious Phoneprints™ are compared to Pindrop’s large database of Phoneprints™ known to be associated with criminal enterprises. The company updates this database by luring fraudsters to its “honeypot” of over 250,000 inactive phone numbers and creating Phoneprints™ of the fraudsters’ calls. Pindrop claims that its FDS is over 90% accurate in determining the location of a caller, the type of device used, and the network type for VoIP calls (Skype, Google Voice, etc.).
Recordings of flagged calls are brought to the attention of a financial institution’s fraud alert team within minutes of their completion, before any transactions or changes to a customer’s record can be finalized. The fraud team can put a hold on suspicious activity until it can be verified with the customer.
The best thing consumers can do to avoid the “silent call” pitfall is to simply hang up, according to the FTC. Don’t press any buttons, even the one that’s supposed to remove you from the caller’s call list. That will only result in more robocalls. You might also want to try a free service called Nomorobo to filter out these annoyances.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 27 Aug 2015
|For Fun: Buy Bob a Snickers.|
Geekly Update - 26 August 2015
The Top Twenty
Smoke and Mirrors at Amazon.com?
There's more reader feedback... See all 45 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- How “Silent Calls” Lead To Identity Theft (Posted: 27 Aug 2015)
Copyright © 2005 - Bob Rankin - All Rights Reserved