Emerging Phone Scams Capable of Evading Email Security

The last decade has seen the fastest evolution of the mobile phone. From calling, texting, video calls, and 4k photo capture, a smartphone has endless uses. This versatility is why a device is found in nearly everyone's pocket in the modern world. With this prevalence, the phone has turned into its mobile desktop, allowing internet access, banking, emailing, and more. Any device with a collection of private information is bound to attract the eyes of cybercriminals, and the incentive to make money is sure to follow. The mobile phone is certainly no exception.

If you have ever seen a warning about connecting to public wifi, there is a good reason. Mobile phones, when connected to the SMS cellular network, are most commonly linked to some source of internet or wifi, making them a potential target for cyber attackers. Phone scams do not discriminate; they are delivered to organizations and personal email accounts attempting to steal information or money. The mechanics of attacking a mobile phone are simple due to the ever-changing evolution of devices. This article will discuss the newest threats, how to recognize these scams, and will provide a real-life example of an attack in action. 

Mechanics of an Attack

Ironically, as with over 90% of all modern cyberattacks, phone scams begin with an email. Scammers will pretend to be a legitimate company, using their name and logo like a typical phishing email. They then send the target a receipt which allows them to naturally place a phone number they want the target to call. The goal here is realism. Making the message as realistic as possible will systematically increase the chances of someone falling for the attack. 

For example, scammers will provide information about the fake order, such as an order number or identification, often adding a privacy policy or unsubscribing buttons for realism. Like a traditional scam call, the scammer will pose as a professional offering assistance, attempting to persuade you into giving up personal information- date of birth, address, social security, or anything of importance that should never be given out in certain situations. In extreme cases, if the scammer is persuasive enough, they could get access to the victim's computer. By taking a step back, we can analyze how scammer even got their email through filters and protection in the first place. 

With the modern age and technology-dependent operations in every business, it is surprising to see simple tactics make their way through advanced systems, but possible given the ever-changing landscape. One way scammers avoid scans is by using PDF files. They are sent without much substance in the body, so when users see an email, they feel more prompted to check it out. Another way is using PNGs or JPEGs through embedding since no written information can be taken from an image. Innovative security technology is advancing to catch these stealthy techniques, but they can easily be noticed with proper inspection. 

How to Recognize Phone Scams

Inspecting and dissecting every email or phone call that comes through every day would be unreasonable. People are the busiest they have ever been, and scams do not waste a second in taking advantage of this. In the last two years, there has been a 22% increase in lost funds via phone scams, and 60% of those calls were made from automated dialing or robocalls. With this in mind, there are still a few tips for helping recognize phone scammers without giving up precious resources. 

The first is simply not responding to calls from unknown numbers. It can be tricky when waiting to hear back from something like an interviewer whose number probably needs to be saved, but finding that information out prior will help avoid robocalls. Scammers can also spoof numbers, so the number may look like it is from your area code but be fraudulent. If the phone is answered, the scammer may try to apply urgency, making the victim feel they must comply quickly. If the caller claims they are a representative or aid at a well-known organization like AT&T or the IRS, they are most likely fraudulent, especially if they demand payment methods. 

Be aware of these common tactics and report anything suspicious, do not share any financial or login information over the phone, and do not grant access to any devices. By engaging in these best practices, any user can significantly lower their chances of being the next victim. 

As mentioned in this article, these phone scams can originate from emails. Scam emails with a phone number listed are most likely asking the user to call the number, then activating the previously mentioned effects. 

The Victim of a Phishing Scam That Posed as Tech Support

Only some people are caught up in the methods and current trends. Just before Black Friday in 2022, a New York woman in Spring Valley fell for this scheme. The email sent in this scam appears to be sent from Best Buy’s computer repair service Geek Squad. There are fake invoice numbers, product codes, customer IDs, and a complete package of false information. When the phony number is called from the fraudulent email, the scammer portrays themselves as a team member offering assistance, but it is too late.

The scammer told the woman that $40,000 had been put into her account by accident, sending her to her actual bank to “refund” the accidental funds, which she did. The Spring Valley Police Department claimed it is almost impossible to catch any scammers after the payment. This should highlight the importance of avoiding these potential threats, as there is no time after to recover any losses or give justice to cybercriminals. 

Keep Learning About Protecting Against Phone Scams

It is more important than ever to keep up with malicious trends and scams in the modern world. Entire databases worldwide risk being swept from under a company, and the negative tactics used constantly evolve. Once a scammer possesses a database, the tactics are put into play, and security must be taken seriously. 

• Email security must be at its strongest by adding a go-between with outsourcing.
• There are multiple ways of preparing your business for cyberattacks to keep employees safe and up-to-date on best practices.
• Email Protection can be improved with cloud-based spam filtering and anti-spam services. 
• There is more to learn with our Phishing eBook. Cybercrime is growing, but defenses are evolving to meet this challenge.