Phone Hacking and Phishing Scams
Crooks are using phone hacking and hijacking to conceal their identities during phishing scams.
A message from one of our regular readers alerted us to a clever trick in which scammers appeared to have taken over the phone number of a local church, which then forwarded victims’ calls to a recorded message asking for debit card details.
The scam started out in a familiar way. Our reader — let’s call him Nick — received a text message on his cellphone claiming that suspicious activity had been detected on his card, and asking him to call a specific number.
Because he’s smart (and a Scambusters reader!), he suspected a fraud and checked out the number by doing a Google search. It turned out to be the legitimate number of a church. Then he used a computer device, for the sake of anonymity, to call the number.
Nick takes up the story: “I got a message saying, ‘Welcome to Customer Support, Verification Services, to reactivate your card. Live service will be unavailable. Now enter your 16 digit card number, followed by # key.’
“I put in 1111-1111-1111-1111# and it continued, ‘Now enter your credit card expiration date.’ I put in 11/11#.
“Then it said, ‘Now enter your personal identification number PIN, that you use for ATM transactions.’ I put 1111#.
“And finally: ‘Enter your CVV on the back of your card.’ I keyed in 111#, waited and the message finally said: ‘Sorry our records show that your card is already activated and your card is secure. Goodbye.’”
Nick called the number a few times and once or twice actually managed to get through to the church’s own answer phone. Of course, he also reported the incident to local police.
But what’s going on here?
Clearly, if he’d given his real card details, he would have been well and truly scammed — parting with this crucial, confidential information, especially the CVV number on the back. Equally clearly, the church itself was presumably not in the scamming business!
So the only conclusion is that calls were being forwarded from the church phone to another, unidentified number, probably in another region or even another country. Using this trick, the scammers hide themselves and make it look like the victim is calling a local number.
But how did it happen?
Well, as we’ve previously reported, scammers can use a simple trick to hijack phones by fooling owners into keying in a number that automatically forwards any further calls.
Usually, this links the phone to a premium phone line for which the user ends up paying a whopping bill. There seems to have been some recent resurgence in this crime but that obviously wasn’t the intention with Nick. It’s also possible that the church’s phone could have been hacked by other means.
If it used computers to manage its call system, these could have been compromised by malware or a virus, enabling the crooks to control the entire system. It’s even possible that the phone system could have been physically tampered with, linking it to the scammers’ own system.
Whatever route the crooks took, it highlights the vulnerability of phone systems and their users. And it’s not an isolated case.
For instance, an Arizona TV station recently reported that phone calls to customer service organizations were being hijacked and diverted by scammers to trick users into signing up for recurring phone bill charges.
The call answerer poses as a legitimate customer service rep and offers a $100 gift card to the caller as compensation or reward for whatever they’re calling about. But they insist victims pay a $4 “shipping charge,” which supposedly also gives them access to a free information line. In reality, they’re “signing up” to subscribe to a useless information service based in Peru that is charged monthly to their phone bill. And, of course, they don’t get the gift card. At the time of writing, it’s not known how the scammers are managing to hijack the calls but, according to the TV station, the incidents are being investigated by the FBI.
In another recent case, this time in Ohio, a woman received a string of complaint calls from people who said they’d been conned by someone using her phone number. Again, no information on how the crooks managed to hack her phone.
In addition, as we have already reported, crooks use computer systems to spoof legitimate organizations on caller ID systems. There are a number of different aspects to these phone hijacking and hacking scams — depending on whether you’re a call victim or your phone system has been compromised.
So, here are 6 simple rules to follow to avoid being either type of victim:
- Never agree to forward a call or dial another number from your phone on behalf of someone you don’t know — especially those who claim to have called you by mistake.
- Don’t rely on caller ID as a confirmation of who the caller really is.
- Be wary when making customer service calls, especially those based on phone numbers you see on the back of a product you buy. Don’t agree to anything that involves making a payment or joining a “free” service.
- If you’re given a supposed business number to call, key it into a search engine like Google and see what comes up. If it’s a legit organization it should show up in the search. If it shows a different name — as happened with the church name for Nick — or tells you it’s a private number (it won’t actually give you the name of the owner), you know something is wrong.
- Always check your phone bill (landlines and cell phones) carefully. If you see charges you don’t recognize, contact the phone company, and ask for them to be removed. Even if they won’t do that, insist that the recurring charge is canceled.
Remember that banks and other card issuers don’t use text messages or emails to alert you to problems with your account. Purdue Federal does send texts to verify charges, but we do not ask our members to enter their card number and expiration date.
That’s always a scam.
Even if they call you, you should never give your card details to anyone without independently and thoroughly confirming who they are — least of all in response to a recorded message. Call the number on the back of your card and ask them to verify if there are any problems.
Finally, if you think your phone number has been compromised or you encounter an experience like Nick’s, report it to the police.
It looks like law enforcement are still trying to establish how the crooks are pulling off some of these latest phone hijacking and hacking tricks — so be on your guard.
Newsletter #536 3/20/13
Fraudulent Purdue Federal Checks in Circulation
There are fraudulent Purdue Federal Official checks in circulation. If you received anything like this in the mail, please contact the credit union. The checks are very similar to our checks, with correct address and routing number information; however, the check color is incorrect and they are not signed by the correct person.
Source: Purdue Federal Credit Union
Posted March 2013
Fake BBB (Better Business Bureau) Notifications lead to Black Hole Exploit Kit
Cybercriminals have recently launched yet another massive spam campaign, impersonating a rather popular brand used in a decent percentage of social engineering driven email campaigns - the BBB (Better Business Bureau).
Once users click on any of the links in the malicious emails, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit kit.
Posted January 2013
Medicare Card Phone Scam
Scammers are tricking seniors nationwide into sharing personal information by claiming to be Medicare representatives mailing out new ID cards. Don’t fall for this attempt; just hang up on suspicious callers.
How the Scam Works:
You answer the phone, and the unknown caller claims to be with Medicare or another government office. He informs you that your new Medicare card is in the mail, and you will receive it in a few days. In the meantime, you need to set up your direct deposit so your Medicare funds can be deposited into your bank account. To do this, you just need to tell the caller your banking information. He will take care of the rest.
Of course, there is no new card and no direct deposit. The caller just wants you to share your banking information, so he can drain your account.
A Twist on This Scam:
The above is just the latest variation of the Medicare card phone scam. Other callers may ask you to verify your identity in order to receive the new card. They will ask for your Medicare card number, which is the same as your Social Security number, as well as other personal information. With that knowledge, a scammer can easily steal your identity.
How Can I Avoid Medicare Card Identity Theft?
Protect yourself from scammers by following these tips:
- Don’t carry your Medicare card around in your wallet. If the card is lost or stolen, a scammer can use the information to commit identity theft.
- Don’t give your personal information out over the Internet, phone, or to anyone who comes to your home uninvited. Only give information to doctors or other providers approved by Medicare.
- If you suspect identity theft, or believe you gave your personal information to a scammer, call the Federal Trade Commission’s ID Theft Hotline at 1-877-438-4338.
Posted January 2013
Fraud Alert: Text messages are phishing attempt.
The Indiana Credit Union League has learned about phishing text messages that have been sent to cell phone users in northwest Indiana since at least Saturday afternoon. The messages have a subject line of “CU Center Alert,” and they say “Your card has been deactivated” and ask the recipient to call 219-655-8904 or 765-637-2846. The phone number is a general recording. No credit union name is mentioned. Please do not respond to this message.
Texts from Purdue Federal will have “PFED” or “Purdue Federal” somewhere in the header and will only occur if you enrolled to receive them. As always, remember we will never ask you for your entire card account number or other personal account information.
Source: Indiana Credit Union League
Posted November 2012
FinCEN Reminds the Public to be Wary of Fraudulent Correspondence and Phone Calls
The Financial Crimes Enforcement Network (FinCEN) reminds the public to be alert to ongoing financial scams that attempt to solicit funds from unsuspecting victims.
FinCEN has been receiving calls and reports of financial scam attempts conducted via telephone. In this scam the caller represents himself/herself as an employee of FinCEN and asks for the victim by name, either at the victim’s home or work number. The caller will identify an outstanding debt; this debt may be actual or bogus. The caller will provide the victim with the victim’s account, Social Security or other similar number and demand that immediate payment be made. The caller’s knowledge of the victim’s name, telephone number, account description and personal information serves to legitimize the caller.
FinCEN also has become aware of another financial scam conducted via e-mail and telephone in which an individual claiming to be a representative of the U.S. Department of the Treasury or FinCEN informs the victim that he/she has received a large Treasury Department grant. To obtain the grant, the victim is instructed to provide bank account information and make some type of initial payment or donation.
Recipients of these calls, letters, or e-mails should not respond to such messages, and should not send money or provide any personal or confidential information. Those who believe that they are or have been a victim of a financial scam should report this information to local, State, or Federal law enforcement authorities.
FinCEN does not send unsolicited requests and does not seek personal or financial information from members of the public. FinCEN does not have authority to freeze assets or block funds transfers. In addition, fraudulent correspondence may purport to be from an overseas office of FinCEN. FinCEN does not have any offices outside of the United States.
Source: Financial Crimes Enforcement Network
Posted October 2012
Bogus “Refund Pending” emails targeting PayPal customers.
Fake PayPal notifications about a bogus refund are hitting inboxes around the world, trying to trick users into following a special link and supposedly logging into their accounts in order to receive it.
Unfortunately for those who fall for the ruse, the link will take them to a page that looks like PayPal’s login page, but is actually a fake one mimicking PayPal’s, and all the information submitted into it gets forwarded directly to the phishers behind this scheme, who can then use it to hijack the victim’s PayPal and probably even gain entrance to other online accounts.
“PayPal is a favorite target of phishers, probably because PayPal does conduct so much of its business via email,” points out Hoax-Slayer.
“But, PayPal will never send you an unsolicited email that asks you to verify or update your account by clicking a link. Or by opening an attachment as in some variants of these phishing scams. And PayPal will never send you a message that includes a generic greeting such as ‘Dear Customer’. Official PayPal emails will always address you by name.”
Posted September 2012
CU Members Recruited as Money Mules.
A number of credit unions have reported that their members are being recruited as money mules by fraudsters. Money mules unknowingly assist fraudsters in laundering stolen funds. The source of the stolen funds received by the money mules is often from account takeovers at other financial institutions through online banking systems.
Money mules are most often recruited through bogus job offers for payment processors, financial managers, or overseas representatives. Fraudsters typically find their potential money mules by searching websites where job seekers post their resumes. A key consideration in accepting the position is the ability to work from home.
Upon accepting the job, the money mules are notified they will receive deposits to their accounts via ACH and/or wire transfer. In some cases, the money mules are instructed to open an account at a financial institution in order to receive the funds. The mules are instructed to not share details of their new job with anyone. Upon receipt of the funds, the mules are instructed to either wire the funds to an account at another financial institution (foreign and domestic) or send the funds to individuals via Western Union. The money mules keep a portion of the funds deposited to their accounts as wages.
If You’ve Become a Money Mule, Here’s What Has Gone Wrong:
- You’re receiving stolen money. This may be through bogus sales from online auctions or the proceeds of phishing, where crooks have obtained victims’ bank details and are transferring their cash to your account (which is why they often want you to open an account at a particular bank — the same one as their victims). It may even be cash from crime like drugs and prostitution that the crooks just want to get out of the country. Or someone just sends you a bogus check that you bank and then forward.
- You’re taking a cut of the proceeds of crime and transferring the rest via an untraceable money wire to a crook.
- You’ve given away your own personal information in that phony employment contract you signed, leaving yourself open to identity theft.
How to Make Sure You Don’t Become a Money Mule:
- First and foremost, money forwarding jobs like this don’t exist. Period. There is no law preventing global companies from directly transferring money from one country to another.
- Never accept payments from anyone and then transfer part of the proceeds by money wire.
- Don’t open a new bank account to receive money from people you don’t know.
Source: CUNA Mutual Group & Scambusters.com
Posted August 2012