Fraudulent Calls that Don’t Make Sense

I am going to present a few fraudulent phone call scenarios that exist in the real world and that claim numerous victims, and you see if you can determine what the scammers are doing that actually doesn’t make sense if you stop and think about it:

  1. A caller claims to be a Social Security Administration representative calls and warns you that your benefits are about to be suspended because of some problem or other. The caller ID shows the correct SSA customer service line. She needs you to verify your Social Security number in order to fix the issue.
  2. A caller claims to represent a credit card company. He says that your card has been deactivated due to suspicious activity. In order to get your card working again, he needs the card number, expiration date, and three-digit code from the back of the card.
  3. A caller claims to be a Medicare representative and informs you that your benefits are going to be suspended because of an issue. Before he can fix the problem, he needs you to verify your Medicare ID number.

Did you catch it?

In every case, the caller is asking for a piece of information that the claimed agency or company would already have…because they created that piece of information in the first place.

  • The Social Security Administration has your Social Security number. They’re the ones who assigned it to you.
  • Your credit card company assigned your card number and other details to you. They already know it.
  • Medicare already knows your ID number because they gave you that number. If there’s a problem with your account, it’s one piece of information they don’t need.

(You could also make the more general observation that these all involve a stranger attempting to alarm you and then asking for personal information, but these specific questions should really tip you off that the caller is not who he or she claims to be.)

DEA Scam (or: How Law Enforcement Works)

I’m proud to say I don’t have any firsthand knowledge of how arrests are made by federal agencies such as the DEA.

And I intend to keep it that way, thank you very much. If I was going to make a list of “Things That Aren’t Worth the Trouble,” violating federal drug enforcement laws would be in the top five, along with “trying to play King’s Quest III without hints” and talk radio.

However, I read. I’ve seen a few news stories in my day. I listen. I’m educated enough to make a few guesses here and there, so I’m pretty confident in this assumption:

When the DEA is going to arrest you, they do this: show up with very little warning (usually none), place you in handcuffs or similar restraining device, read all the “rights” stuff and place you in an official vehicle (or “cuff ’em and stuff ’em,” if you’re Roscoe P. Coltrane).

When the DEA is going to arrest you, they don’t do this: call you on the phone a couple hours in advance to leave a message telling you of the impending arrest, and then offer a way for you to cough up some money to get out of it.

However, this is the basis of a current telephone scam. They accuse you of purchasing illegal diet pills on the Internet, then tell you the warrant will go away if you just pay some money.

I’m no expert on Standard Operating Procedure, but I’ll bet you a dollar-dang-fifty that ain’t it.

If you get one of these calls or messages claiming to come from the DEA (or ATF, FBI, CIA, Interpol, Scotland Yard, the dudes on Barney Miller or anybody else), here’s what you should do: hang up (or erase the message) and go about your day.

Vishing attack using REGIONAL Federal Credit Union

Phishing, vishing and SMiShing perpetrators usually go for the larger, national retail banks (Chase, Fifth Third, etc.). Their reasoning is that these banks have millions of customers, so if you send out ten million emails, half a million of those people will actually be customers of whatever bank you’ve chosen to impersonate (and several thousand will actually fall for it).

Sometimes they go for the smaller financial institutions, though. Just over the past few days, people have reported receiving calls that claim to come from REGIONAL. Hey, that’s us!

These calls attempt to trick victims into entering their debit card numbers on the phone’s keypad. Since we’ve received several reports from people who tell us they just hung up, I take it as a good sign that many of our members aren’t being fooled, but as I’ve said before: nobody is invulnerable. Even a jaded, cynical scam blogger can be tricked, given the right (or wrong, I suppose) circumstances.

This is one of those cases where asking, “Who initiated contact?” is your best friend. Your phone rang and someone asked you to reveal personal information. That’s your cue to hang up the telephone. No financial institution has any reason to call you and ask for information that they gave to you in the first place.

Gone Vishin’

It’s 9:30 at night when the phone rings.

The Caller ID displays “Card Services” and a toll-free number.

You pick up the phone, and an automated voice informs you that “your card has been compromised.” It gives you a phone number to call to take care of the issue. The phone number is the same number on the Caller ID display.

Now…what should you do?

If you answered, “hang up and ignore the call,” you’re right.

Currently, there is a move towards integrating older technologies with the Internet. Eventually, I believe these technologies will be fully integrated; your television signal, Internet connection and telephone service will all be traveling along the exact same lines as part of the same service. These different technologies will also become more “seamless” over time—there will be less of a distinct divide between how you use your TV and your computer, and between the content you will receive from both. Okay, you’ll probably still use your phone to call Mom, but the signal will be digital, and it will be traveling through the Internet.

However, there is a downside, at least for the time being: vishing. Using Internet telephone services (Voice over Internet Protocol, or VoIP), criminals are able to spoof Caller ID information, to make a phone call appear to be from a trusted entity such as a financial institution or credit card issuer.

Let’s face it, you’re more likely to believe a call from “Card Services” than you are a “Blocked Call” or “Unknown Caller.” And that’s the basis of how Vishing works.

What happens if you call the number as instructed? You will be instructed to enter your credit or debit card number, expiration date, PIN and other security information. This is pretty much everything a crook needs to use your card for fraudulent purposes. They might also attempt to get your personal information, such as date of birth or Social Security number—basically, everything they would need to commit identity theft.