ROBOCALLS AND PHONE SCAMS

The US Senate and the FCC has finally taken up the battle against Robocalls and Phone Scams. This federal intervention should provide much needed relief to consumers. Estimates of robocalls and phone scams have grown from 29% of all calls in 2018 to as much as 45% of all phone calls in 2019.

THE TRACED ACT

In May the US Senate approved the Telephone Robocall Abuse Criminal Enforcement and Deterrance (TRACED) Act by a 97-1 vote.  Don’t you just love how they come up with these nifty names?  Also, I wonder which Senator was the only one who didn’t think this legislation should be passed. The TRACED Act grants the Federal Communications Commission (FCC) stepped-up enforcement power to levy heavy penalties and fines against violators.

Additionally, the FCC voted unanimously to finally grant telecommunications companies the authority to use technology to proactively identify and block Robocallers.  A summit was held in July with carriers to identify a framework for implementing these new guidelines. The FCC says it is committed to pursuing “aggressive enforcement action” against Robocallers.

Robocalls and Phone Scams
STOP CALLING ME!!!

MOST ALL ROBOCALLS ARE ILLEGAL

Robocallers often place their calls using internet technology that hides their location. When these calls come in, your Caller ID usually displays a “spoofed” (fake) phone number. Tens of millions of these calls are blasted out each day. Most robocalls and phone scams are automated voice messages.

Industry stakeholders are working to implement a caller ID authentication system. Once implemented, it should help the accuracy of caller ID information and help consumers determine which calls are authenticated.

EXAMPLES OF 2 NEW ROBOCALL TACTICS

‘Neighborhood Spoofing’ and the ‘One Ring Scam’ are two of the newest tactics being used to get you to pick up or call back. Neighborhood Spoofing is when a fraudster alters their phone # to look like a phone number with the same area code as yours. The One Ring Scam involves a Robocaller hanging up after only one phone ring, hoping you’ll be curious enough to call back.

THWART ROBOCALLS AND PHONE SCAMS

  • Don’t Engage: Don’t pick up if it’s a number you don’t recognize. Let it go to voicemail.
  • Don’t Answer: Don’t pick up or return any calls you don’t recognize
  • Don’t Encourage Them: If you are instructed to press a “key” to be taken off their list or to speak to an operator you are, in essence, logging your number as a working number. You will be targeted for even more annoying calls. Hang up without pressing any keys!
  • Block Them: Block Robocall phone numbers on your phone, but realize that telemarketers change phone numbers often.
  • Use Technology: Use call blocking options for your cellphone
  • List: Add your number on the Do Not Call Registry  If your number is already registered and you still get unwanted calls, report them  to help expose and catch these fraudulent callers.
  • Forward: SPAM text messages to 7726 (or SPAM)
  • Report: File a Complaint to help investigators detect and track patterns in Robocalls. Call the Federal Trade Commission at 888-382-1222.

Read my prior article about Robocalls here.

FCC Consumer Resources

BEWARE OF CHARITY SCAMMERS

Beware of Charity Scammers

While natural disasters, such as Hurricane Dorian, bring out the best in people who want to help, unfortunately it also brings out charity scammers.  People with good intentions are moved to want to help the victims of a disaster, while charity scammers are moved to take full advantage of the abundance of good will.

Charity scammers exploit disasters by posing as fake charities. Instead of collecting money to help disaster victims, they keep the money for themselves.

So – How Do They Do It?

In the aftermath of most disasters, charity scammers are hard at work sending out unsolicited emails, text messages, snail mail solicitations, social media advertisements and even come knocking at your door asking for donations.

Disaster Relief Charity Scammers
Choose Your Charity Wisely!

You can never be sure whether the person contacting you is legitimate or not!

Charity scammers are also very adept at creating phony, but legitimate-looking websites that appear to be real charities. They choose names of similar sounding charities to fool you into thinking they are legit. Charity scammers will provide you with a link to their fake websites. These fake websites capture unsuspecting victims who innocently enter their personal info including their SS#, address, phone # and credit card info.

Keyboard with Donate Button
Beware of Spoofed Charity Websites

FOLLOW THESE IMPORTANT TIPS:

  • Go directly to the charity yourself. You can find the address of a charity’s website and either mail them a check or go directly to the charity’s website (by typing in the website address yourself) and make your donation online.
  • Look for the padlock symbol and the website address to start with https, not just http. The “s” stands for a secure website. Also, realize that most charity websites will end in “.org”, not “.com”.  Be careful of making typos when entering web addresses too.
  • Never, ever click on links in an email, no matter how legitimate the email looks! The US Computer Emergency Readiness Team (US-CERT) is reminding everyone that malware purveyors frequently use natural disasters and breaking news stories to trick people into clicking on malicious links or opening up booby-trapped email attachments.
  • Be careful of what you see on your ‘Caller ID’. Most phone numbers are “spoofed” to look like the call is coming from a charity, when in fact, it’s a scammer calling.
  • Telemarketers who call you, representing a charity, receive a commission for each donation they receive. So only about half of your donation actually goes to help the charity. Besides, how can you be sure that the person calling you is from a legitimate charity?  You can’t!
  • To check out a charity, you should go to either charitynavigator.org or www.charitywatch.org  Both websites help you determine if a charity is legitimate. If the charity is not on the list, then beware! You can also learn how much of the money a charity collects, actually goes to the people they are supposed to be helping.
  • Always contribute by check or credit card to have a record of your donation. Never make a donation with cash, a pre-paid debit card, bank wire, or especially an iTunes or Amazon gift card.
  • The IRS allows taxpayers to use their Tax Exempt Organization Search Tool to help find or verify qualified charities. Donations to these qualified charities may be tax-deductible.
  • Contact any organization you’re considering, and ask for the charity’s address, phone number and financial records. Consider how much of your donation will go to the program you want to support, and how much will cover administrative costs. Legitimate groups will gladly provide information about their mission and how your donation will be used. If the charity you contact is unwilling to provide you with such information, be suspicious!

You can read a previous article I wrote about charity scams here.

 

 

Apple iPhone Scam – Very Convincing

I did not write this article, but I copied the important main parts of it here. It was written by Brian Krebs who is a security news and investigator. His website is called KrebsonSecurity.  Here is the link to his original article:  https://krebsonsecurity.com/2019/01/apple-phone-phishing-scams-getting-better/

I thought it was important enough to alert you to this new Apple iPhone scam – Read on…

Apple Phone Phishing Scams Getting Better

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Here is an account of what happened to her. Earlier in the day she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.

Here’s what her iPhone displayed about the identity of the caller when they first tried her number at 4:34 p.m. on Jan. 2, 2019:

Apple iPhone Scam

Note in the above screen shot that it lists Apple’s actual street address, their real customer support number, and the real Apple.com domain (albeit without the “s” at the end of “http://”). The same caller ID information showed up when she answered the scammers’ call this morning.

Westby said she immediately went to the Apple.com support page (https://www.support.apple.com) and requested to have a customer support person call her back. The page displayed a “case ID” to track her inquiry, and just a few minutes later someone from the real Apple Inc. called her and referenced that case ID number at the start of the call.

Westby said the Apple agent told her that Apple had not contacted her and that the call was almost certainly a scam. Apple said they would never do that — all of which she already knew. But when Westby looked at her iPhone’s recent calls list, she saw the legitimate call from Apple had been lumped together with the scam call that spoofed Apple.

“I told the Apple representative that they ought to be telling people about this, and he said that was a good point,” Westby said. “This was so convincing I’d think a lot of other people will be falling for it.”

KrebsOnSecurity called the number that the scam message asked Westby to contact (866-277-7794). An automated system answered and said I’d reached Apple Support, and that my expected wait time was about one minute and thirty seconds. About a minute later, a man with an Indian accent answered and inquired as to the reason for my call.

Playing the part of someone who had received the scam call, I told him I’d been alerted about a breach at Apple and that I needed to call this number. After asking me to hold for a brief moment, our call was disconnected.

No doubt this is just another scheme to separate the unwary from their personal and financial details, and to extract some kind of payment (for supposed tech support services or some such). But it is remarkable that Apple’s own devices (or AT&T, which sold her the phone) can’t tell the difference between a call from Apple and someone trying to spoof Apple.

Phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. If a call has you worried that there might be something wrong and you wish to call them back, don’t call the number offered to you by the caller. If you want to reach your bank, for example, call the number on the back of your card. If it’s another company you do business with, go to the company’s Web site and look up their main customer support number.

Relying on anything other than a number obtained directly from the company in question — such as a number obtained from a direct search on Google or another search engine — is also extremely risky. In many cases, the scammers are polluting top search engine results with phony 800-numbers for customer support lines that lead directly to fraudsters.

These days, scam calls happen on my mobile so often that I almost never answer my phone unless it appears to come from someone in my contact list. But as this scam shows, even that’s not always a great strategy.

It’s a good idea to advise your friends and loved ones to ignore calls unless they appear to come from a friend or family member, and most importantly to just hang up the moment the caller starts asking for personal information.

AGAIN, I DID NOT WRITE THIS ARTICLE. IT WAS COPIED HERE FROM AN ARTICLE WRITTEN BY BRIAN KREBS.  HERE IS HIS HOME PAGE LINK:

https://krebsonsecurity.com/

ROBOCALLS Telemarketing Phone Calls

ABOUT THOSE PESKY ROBOCALLS

Robocalls are designed to bait you into giving up your personal or financial information. Telemarketing fraud often begins with a Robocall. Unwanted calls are more than a mere annoyance – they are an invasion of privacy and a breeding ground for fraud and identity theft.

Robocalls broke a national record in March of this year (2018). Youmail.com reports that 3.15 billion Robocalls were placed in just the month of March alone. This is a 15% increase from the month before. This increase was driven by a big jump in telemarketing (up 19%) and scam calls (up 13%).

Consumer Reports estimates that Americans lose $350 million a year to scams involving Robocalls. Using today’s technology, tens of millions of Robocalls can be blasted out each day. We’ve all received these telemarketing pitches – like ‘Rachel from Cardholder Services’ or ‘Microsoft’ Imposters calling to warn you that you have a computer virus.

Robocalls
File a complaint with the FTC

MOST ROBOCALLS ARE ILLEGAL!

Only about 10% of Robocalls are actually legal and useful. Airlines can call to give flight updates. Schools can call to alert parents about closures. Doctors can call about appointment reminders. Also, non-profits, political and charitable organizations are allowed to call you too. Just beware of imposters!

Robocalls are usually autodialed or pre-recorded telemarketing calls. The scammers usually don’t know who they are calling and simply ignore the Do-Not-Call List. They oftentimes use prefixes that are the same area code that you live in and even use a phone number similar to yours – in the hopes that you’ll pick up the phone.

Don’t  believe what you see on Caller ID!

When these calls come in, your Caller ID usually displays “spoofed” (fake) phone numbers and/or “spoofed” names of legitimate organizations – like the IRS or a bank, or utility company.  Or, the Caller ID may show as “Unknown”. Robocallers often place their calls using internet technology that hides their location. From here on, you must never rely on what your Caller ID displays on your phone.

Robocalls Aren’t Going Away

Follow these tips to protect yourself from those pesky calls:

  • Don’t Encourage Them: If you are instructed to press a “key” to be taken off their list or to speak to an operator you are, in essence, logging your number as a working number. You will be targeted for even more annoying calls. Hang up without pressing any keys!
  • Don’t Engage: Don’t pick up if it’s a number you don’t recognize. Let it go to voicemail.
  • Block Robocall Numbers: Try contacting your phone service provider, but don’t pay extra for this type of service – since telemarketers change phone numbers often.
  • Forward any SPAM text messages to 7726 (or SPAM)
  • File a Complaint: This helps investigators detect & track patterns in Robocalls. Although most Caller IDs display numbers that are spoofed, report them anyway by calling the Federal Trade Commission at 888-382-1222 or go to ftc.gov/complaint
  • Sign the petition: at Consumers Union to help pressure Telephone Carriers to offer free call-blocking technology by going to: endrobocalls.org

 

ADDITIONALLY –  There’s an App for that

There are a number of apps that are free or for a small fee, will help prevent most, but not all Robocalls.

Here is the link for Android Phones: https://www.ctia.org/consumer-tips/robocalls/android-robocall-blocking

Here is the link for iPhones: https://www.ctia.org/consumer-tips/robocalls/ios-robocall-blocking

Here is a link for Landlines, that offers call blocking for free: https://www.nomorobo.com/

Interesting Factoids:

iPhone users get more robocalls than Android users. They received 29% more Robocalls than Android users, during the month of March. Also, AT&T users get more Robocalls than Verizon users.

Crooks who commit phone fraud are clever. They have to be – as this is the way they make their living. So, don’t engage with them. Instead – ALWAYS HANG UP ON ROBOCALLS OR LET YOUR CALLS GO TO VOICEMAIL!

EQUIFAX BREACH EXTREMELY DAMAGING

Why is the Equifax breach extremely damaging? Because the typical information required to prove your identity is now in the hands of the bad guys!

YOU CANNOT HIDE YOUR HEAD IN THE SAND AND THINK YOU’LL BE IMMUNE! 

An identity thief will go to great lengths to dig up your personal identifying information (PII) so they can impersonate you and then commit ID theft. This Equifax breach has already completed that part of the job for them.

Remember that 145.5 million Americans (over ½ the U.S. population) have had their PII stolen! Your information will likely be auctioned off on underground websites to opportunistic criminals, across the planet. Armed with your PII, a criminal can do a lot of damage to your identity, your good name and your financial records!

equifax breach extremely damaging
ARE YOU ANGRY YET??? YOU SHOULD BE!!!

How is the Equifax breach extremely damaging? Let’s count the ways… 

  1. Pretexting – Criminals will use your PII to convince your bank, credit card company, utility or phone service to make changes to your accounts. Your PII gives them the ability to change your email address, PINS, passwords, direct deposit info, phone # and home address. They’ll even change the answers to your secret questions – all in their quest to gain access to private information or to lock you out of your own
  2. Tax ID Theft: File fake tax returns to get large refunds.
  3. Credit Fraud: Open new lines of credit in your name (personal loans, auto loans, mortgages, new credit cards).
  4. Counterfeiting: Create fake ID’s like driver’s licenses, passports, insurance cards, etc.
  5. Criminal ID Theft: Use your ID to give to police if they get arrested.
  6. Medical ID Theft: Create medical insurance cards to get medical services or commit insurance fraud.
  7. Employment ID Theft: Use your PII to get a job and collect a paycheck.
  8. Financial ID Theft: Open bank accounts in your name and pass around bad checks.
  9. Malware/SPAM: Infect your devices with Malware by sending SPAM emails or texts, purported to be from Equifax. SPAM emails and texts are designed to lure you to click on links or open attachments that infect your devices and turn them into ‘bots’.
  10. Spoofing/Phishing: Imposter phone calls from Equifax employees or clickable links that lure you onto a fake Equifax website. Offers of free credit monitoring services or class action lawsuits, designed to phish for additional info, like your credit card number

YOU MUST LEARN WHAT TO DO TO PROTECT YOURSELF! YOU MUST BE PRO-ACTIVE AND EVER VIGILANT!  AND PLEASE – PASS IT ON…

READ MY PREVIOUS EQUIFAX BREACH ARTICLE TO LEARN WHAT YOU NEED TO DO.