October 11th, 2013
Jackie here. The phone rings. Your caller ID says it’s your local police department. They ask for personal information and of course you provide it. After all, it’s the police. Thanks to caller ID spoofing, you may have just shared your information with scammers. Caller ID can be tricked; don’t trust that callers are who they say they are, especially if they are asking for your personal information.
What is Caller ID Spoofing?
Caller ID spoofing involves using technology to change the number that appears on caller ID. This can have many useful purposes. Companies can change the caller ID of marketing calls to direct those returning a call to a call center, rather than a specific line. It can also be used to make phone calls appear local, even when they aren’t, increasing the likelihood of a person answering. Caller ID spoofing can also be used to defraud people when scammers pose as banks, credit card companies, or government agencies to obtain personal information.
While using caller ID spoofing to defraud is illegal, that doesn’t mean the practice doesn’t happen. If you do encounter a fraudster, you can report the problem to the FCC.
Avoiding Caller ID Spoofing
Luckily this potential scam is an easy one to avoid. Simply know the practice exists and avoid sharing personal information over the phone. If a company calls asking for personal information (passwords, addresses, account numbers, etc.), hang up and call them back using a known number. Know that caller ID is a useful tool, but isn’t a guaranteed method of identifying the caller on the other end.
Learn more about caller ID spoofing and get tips for protecting yourself from the FCC.
October 7th, 2012
Tamara here, with the AllClear Investigation team. Scammers will try anything to get you to fall prey to their attack. Whether it’s online, by mail, or over the phone, the experience is never a pleasurable one. It seems there is also a time where certain types of scams spike, such as the Tech Support telephone scam recently popping back up again according to this newsletter from www.securingthehuman.org, seeming to target the elderly.
How this scam works
You get a phone call from someone claiming to be from Microsoft Tech Support or other internet service provider stating they have detected a virus on your computer and they want to help you remove it.
To convince you, the scammer instructs you to open the Event Viewer window. Upon opening the Event Viewer, they lead you to take note of the yellow and red flags. Now, though they look like they would indicate a problem, they are mostly harmless, and everybody’s Event Viewer has yellow and red flags. To inexperienced or not so technically apt individuals, this looks like it could be evidence that there is malicious software installed or a problem with their system.
At this point, the scammers convince you to download a program which allows them to remotely access your computer, or direct you to a fake tech support website where you download malware disguised as a fix for your computer. One service the scammers commonly use to remotely access your computer so is Ammyy.com. (Ammyy is aware of this and has issued a warning including instructions on how to remove the program from your computer.) Once they have access to your computer, whether it’s via the remote access computer or via malware, they have access to whatever you may have stored on your computer. They will then take that information to take over bank accounts, make fraudulent charges, or other criminal activity.
After installing or accessing your system, the scammer will then ask for your credit card information to pay for the service of “cleaning up” your computer or offering anti-virus protection. Victims that have provided that information were fraudulently charged as much as hundreds of dollars for services that are offered for free.
If you have fallen prey to this scam, first contact your financial institutions and report the incident. Shut down your computer, then restart it with a program designed to detect malware, or have a trusted professional check it out.
And, it is always good to report the scam. In reporting to the Federal Trade Commission the information is entered into a database which is accessed by law enforcement authorities to assist with the investigation, hopefully leading to catching the scammers. Another place to report telephone scams are to your Attorney General’s office. Information to report would be items such as the scammer’s name, where they claim to be calling from, what type of accent the scammer has (if they have one), the telephone number, and the date and time of the call.
Microsoft, and any other internet service provider, will not make unsolicited phone calls to charge you for computer security or software fixes.
September 26th, 2012
Jackie here from AllClear ID. You pick up the phone expecting to hear the sweet voice of your Aunt Mavis or your mother calling yet again, but instead you hear a recording. If this seems to be happening more and more often, it isn’t just you. According to a news report by ABC, robocalls are on the rise.
If you aren’t familiar with the term, robocalls are a type of phone call that aren’t made by a person, just a recording. The calls are auto-dialed. Sometimes robocalls are a good thing sharing emergency updates or important utility information, but other times they are used for scams, sales calls and pre-recorded marketing messages.
In 2009 the FCC passed new legislation that prohibited the use of robocalls for sales unless companies had written permission. You’d think this would lead to fewer pesky phone calls, but interestingly the legislation had the opposite effect. Legitimate sales companies shut down and in their place a host of scam companies started using robocalls.
Another arena that commonly sees robocalls is the political scene. With the upcoming elections, political robocalls might see an upswing in the coming months. In fact, Wisconsin recently had a political robocall scandal. Before a recall election in June, robocalls informed many potential voters that they should skip the polls if they had already signed a recall petition. This tactic was possibly a ploy to keep voters from the polls and to influence the results of the election.
Beware of anything you hear via robocall. Technology makes it possible to manipulate the numbers that appear on your caller id. It may look as though the robocall is coming from your own city, but in reality it could be a scammer in another country trying to commit id theft.
What Can You Do to Protect Yourself from Robocalls?
- Add Your Number to the Do Not Call List- One way to keep telemarketers from calling is to place your number on the National Do Not Call List. Signing up is easy and just takes a few minutes. Head on over to www.donotcall.gov and follow the simple instructions. Make sure you place both your home and wireless number on the list.
- Just Hang Up- If you do get a robocall hang up immediately. Pressing buttons confirms that you are on the other end of the line and can result in more frequent calls. Never give your personal information to an operator associated with a robocall.
- Report It- You can report robocalls that you feel are in violation of the law to the FCC. The FCC can use this information to investigate law violators. File a complaint here.
- Get Your Information from a Trusted Source- Robocalls can be used to distribute information to a lot of people quickly, but sometimes this information is false. Always get your information from a trusted source or double check the information you hear through a reputable source.
Learn more about robocalls in the FCC’s guide here.
May 24th, 2012
Chris here, AllClear ID Investigator. According to the FTC’s Consumer Sentinel Network Data Book (issued in February 2012), identity theft involving phones and utilities accounts made up 13% of the total fraud reported to the FTC in 2011. That puts phone and utilities fraud at the 3rd most common form of identity theft in 2011, coming in just under Credit Card Fraud at 17%, and Government Documents and Benefits fraud at 27%. This is important, because normally fraudulent cable and utilities accounts that are opened will not appear on a credit report until they are past due and sent to collections. Therefore, if there is a fraudulent utilities account opened in your name, even with a credit monitoring service, you may not be made aware of the activity until months later when you start getting notices from a collection agency.
The National Consumer Telecom & Utilities Exchange, or NCTUE, is a member-owned database. The NCTUE compiles and manages information pertaining to Telco, Utility and Pay TV records for over 290 million consumers. This information is organized and provided to consumers on a file called a Data Report. This data report is much like a credit report but, instead of showing existing lines of credit, it shows existing phone, cable, and utilities accounts.
So how can you protect yourself against this type of fraud? We recommend that you visit the NCTUE website. Here, you can order a copy of your Data Report for free. Once you get the report, review it carefully to ensure that there are no fraudulent or suspicious accounts being reported under your identity. If you do notice anything suspicious, or you have previously been a victim of phone and utilities fraud, immediately alert AllClear ID. You can then add a Fraud Alert or a Security Freeze to your Data Report through the NCTUE. These 2 services work the same as a Credit Freeze and Fraud Alert would work on your credit file, basically alerting companies to the fact that you are a victim of identity theft and that they should take the necessary precautions before opening any other accounts that have been applied for using your info.
It’s also worth noting that there’s no central database that all utilities and phone companies report to nationally. Therefore, the NCTUE does not receive information from every phone and utility company and may not have a Data Report for everyone. The NCTUE Data Report and Fraud Alert should be used as a precautionary measure to help detect and deter fraud, and not the soul means of preventing it.
March 26th, 2012
Kelly here, with AllClear ID. In December Tamara talked about a scam that the AllClear Investigation Team had been witnessing.
The IC3 recently warned about a new twist on this scam:
“The IC3 has recently observed a variation of this scam in which the caller tells the victim there are outstanding warrants for their arrest … During the perpetration of this crime, the caller demands payment via debit/credit card; in other cases, the caller further instructs victims to obtain a prepaid card to cover the payment.”
Like the older version of the scam, intimidation is used to pressure the victim into divulging their personal information. Victims have even reported thieves visiting them at home or at work.
If someone contacts you regarding a debt that you do not owe, the IC3 recommends that you:
- Contact your local law enforcement agencies if you feel you are in immediate danger
- Contact your bank(s) and credit card companies
- Contact the three major credit bureaus and request an alert be put on your file
- If you have received a legitimate loan and want to verify that you do not have any outstanding obligation, contact the loan company directly
- File a complaint at www.IC3.gov
December 8th, 2011
Tamara here, from the AllClear ID Investigations Team. People across the country are receiving calls from scammers stating that they owe on a payday loan. The callers claim that a lawsuit has been filed against the victim and they are to pay the “debt” immediately, typically via wire transfer. If the victim does not pay, the scammers often become threatening, harassing or intimidating and threaten victims with a court appearance and possibly jail. They do not stop with the multiple calls at home, they even going so far as to calling the victim’s place of employment.
Some of the callers even claim to be from the attorney general’s office or an officer of the Internet Crime Compliance Center (IC3) and claim the victim is being sued by the IC3.
The callers have the victim’s social security number and bank account information (though, in some cases, it was an old account number). There have also been cases where the scammer has the victim’s address, employer information, driver’s license numbers and sometimes even names of personal friends or professional references. The information they have obtained may have been from a data breach or from an on-line application for other loans or credit cards.
The callers have used fake names, foreign accents and provided incorrect phone numbers for call back. Upon being questioned, the scammer is not able to provide valid details regarding the debt or where they are calling from. They become very upset and may even pretend to be on the radio with the authorities commanding arrest immediately.
Unfortunately, some people do fall victim to this scam. Once the scammer gets the first wire transfer, they then demand more. Not only is this financially detrimental to the victim, the psychological implications of the threats and harassment from the scammers is disconcerting.
In the event you get one of these calls, do not confirm or provide any personal information to the caller. If you do have a payday loan, contact your lender directly to verify the status of the debt and inform them of the call. Also, review all of your existing financial accounts to ensure they have not been compromised. Place a fraud alert on your credit file. File a complaint at www.ic3.gov, the Federal Trade commission at www.ftc.gov/ftc/contact.shtm, and if threatened, file a police report.
November 11th, 2011
Vanessa here from AllClear ID. You probably heard about Rupert Murdoch and the voicemail-hacking scandal at his company that happened over the summer. However, it’s not just celebrities who are at risk. Breaking into anyone’s voice mailbox is easy.
It’s done through “caller ID spoofing,” an online service that makes a call appear to be coming from any phone number. Hackers can use it to access your voice mail messages by fooling the system into thinking the call is coming from your cellphone. If your mailbox isn’t protected by a password, which is fairly typical, a hacker and hear and even delete messages in your voice mailbox.
There are plenty of spoofing services, and they are actually legal, used by domestic-abuse victims who don’t want their calls traced and law officials operating undercover. They’re also easy to find on Google, charging $10 or so for an hour of call time.
Another problem is that companies, even cellphone carriers, have little security against spoofing. According to the Boston Globe, three of the four major cell phone companies (AT&T, T-Mobile and Sprint) don’t require customers calling their voice mail to use a password. Security experts believe carriers should require a password every time a customer calls in to check their voice mail to help protect from hackers.
Furthering the risk, the New York Times reported that someone armed with just a little information about a person can gain access to the automated phone systems for Bank of America and Chase’s credit card holders. Once those systems recognize the phone number and the bits of personal information, they offer up the latest on the card holder’s debts, late payments and credit limits. Bank of America’s computer will even read off a list of dozens of recent charges.
What can you do to block the voice mail hackers from conducting credit card scams on you? Until banks tighten up their security, it’s up to you. The Times recommends not using a Chase or Bank of America card to charge items that people may have an interest in. Shred your card receipts to prevent hackers form gathering the data they need to call up your bank’s system. As for your cellphone, if you’re not a Verizon user, set up a voice mail password and use it every time you use your phone.