advice
Hello there! Usually, I write on the topics of technical support or problem-solving, but not this time. Well, to the major extent, it will be relevant to the cybersecurity world: today’s post concerns phone fraud. I read quite a lot of articles on racketeers, and know their methods in theory, but this was the very first time when I encountered them in the wild.
It all started with my Mom calling me at 12.30 a.m. To be honest, I had been enjoying the second solid hour of sleep by that time, so her very first question surprised me just a tad: “Rodion, where are you?” Still asleep, I even paused to think what to answer. Then I assured Mom I was in bed, sleeping, and this wouldn’t change for at least several hours. Only then I asked: “What happened?”
What happened was the following: in the dead of the night, a guy called her on the landline phone and said in a weary voice: “Mom, I got into an accident. I need your help. I’ll pass the phone to the officer, he’ll fill you in”. Then the “police officer” took over and referred to himself as Alexander. Here’s what their dialogue looked like:
Mom: What happened?
Alexander: Your son has run over a woman. He is facing serious charges. Are you going to help him?
Mom: Sure, how much would that be?
Alexander: 100,000 Rubles (it‘s about $2000 at the moment).
Mom: Where is he?
Alexander: Do you need the exact address?
Mom: Yes, the address I need to bring the money to.
Quite misfortunate was he, though, as he did not know the guy they tried to impersonate (me) works in the sphere of information security, and his Mom knows a lot about the stuff. So, that very second when Mom engaged into a vivid discussion with Mr. Policeman, she was dialing my number to clarify a couple of facts. Well, as soon as I answered the phone, the fraudsters hung up.
I talked to Mom and reassured her she had nothing to worry about, and I swale with pride on hearing how cool-headed she was when talking to the fraudsters. As soon as the dust settled, she called the real police.
How to save $2000 on one call, or Why I am so proud of my Mom
Many people who face such a situation don’t consider a call to the police a worthy option, at least in Russia. They think that they would be laughed at or ridiculed — but let me assure you it’s not the case. When we called to precinct, the first thing we were told that under no circumstances should we transfer money, and that Mom should immediately revoke the payments if they have been already executed.
The police have treated the matter with utter care and seriousness and sent an investigator directly to Mom’s home. He arrived at 4 a.m. (!), accurately filed in all witness accounts, briefed her on similar cases of fraud and instructed her on how to behave in circumstances like those. So, it was “serve and protect” in its essence, really appreciated. That’s the story in a nutshell.
Now, it’s time to analyse. The aforementioned situation is not a rare case, and fraudsters employ varied channels, including phone, SMS, email, social networks, popular messengers (like Skype) etc.
Fraudsters hacked #Skype and tricked victim’s friends to send them about $5000: https://t.co/lv9nlyGvVg
— Kaspersky Lab (@kaspersky) March 24, 2015
I can’t assess, hard as I try, why would a human go to these lengths in their willing to win an easy buck. These people don’t ever think of a possibility that their intended victim might have a heart disease and such a stunt might cause a very severe impact. Anyway, making money on others’ fears is detrimental for karma, or whatever counterpart of this ethical concept you believe.
But let’s leave aside the philosophy and get down to business. Any fraudster like those we encountered tries to play a family or friendship card. What parent or friend would neglect a grave situation and refuse to help in an instant? A fraudster would try to bully, scare, confuse their victim, so the unfortunate interlocutor would bring them money without asking too many questions.
However, there’s one thing you should bear in mind. Usually a choice of a target for such social engineering tricks is a completely random process. It might be so that scammers laid their hands on a database of phone numbers and started to approach all of them on a carpet-bombing principle.
With so many addressees available, they have a solid chance of finding a random mother who has a son, who, in turn, drives a car. Quite a typical case, isn’t it?
But even with such a high degree of probability, the scammers neither know the son’s name, nor the brand of the car. All in all, they don’t know anything about people they are about to trick.
Of course, there are exceptions, but mostly, it happens just the way I described above. Consequently, in order to make the fraudster back off, the very first thing you need to do is switch off your emotions (of course, it is challenging when you hear shocking news) and try to ask a question which a potential fraudster would not be able to answer.
For instance in our case, my Mom could have asked, which of her sons they mean. The culprit would have tried to avoid answering or been forced to abandon his initial plan, but in the end he would not be able to name the son in question. Then the ‘police officer’ would never even have started to talk. Another question would have been: Who are you calling? Well, my Mom acted as appropriate, nevertheless.
The second recommendation: in any case like the one above, independently of the manner the ‘shocking news’ was conveyed to you, try to reach to the person who allegedly got into trouble. This is just what my Mom did. As soon as scammers realized their victim did not lose the ground and continued to analyse the situation, so they immediately lost their confidence and hung up.
A phone call is much more difficult to handle in terms of emotions than SMS, messengers or other text-centric channels: you could be unable to use another phone for fact-checking, whereas the culprits would use their entire social engineering arsenal, from tonality of the voice to the acting talent. So, the main thing here is handling your emotions.
So, here is an anti-fraudster playbook which will help you to make sure the scammers don’t take advantage of you:
- Don’t panic!
- Don’t accept anything at its face value!
- Don’t transfer money!
- Try to get in touch with the person in question (i.e. with the one on whose behalf the fraudster pretends to communicate).
- Ask detailed questions that only your real relative or friend would be able to answer.
- Last but not least, call the police! This is the only means of making the society comprehend the problem of scamming and make this world a bit safer. It does not only include fake calls of SMS messages with pleas to transfer some money and help with some grave problem. It equally has relevance to ransomware or Windows blockers, which Kaspersky Lab products can easily deal with. All these threats are small bricks in the enormous Evil Tower, which we need to rock and demolish.
I am pretty sure there are other ways to fight off the scammers. Let’s share our experiences and tips in the comments to this post. So, all of you, have good nights, be cool-headed and enjoy pleasant phone calls from your relatives and friends! Together, we will take down any threat and make this world a safer and more pleasant place to be.
Tips