Emerging Phone Scams Capable of Evading Email Security

The last decade has seen the fastest evolution of the mobile phone. From calling, texting, video calls and 4k photo capture, there are endless uses for a smartphone.

This versatility is why a device is found in nearly everyone's pocket in the modern world. With this prevalence, the phone has turned into its own mobile-desktop, allowing for internet access, banking, emailing and more. Any device with a collection of private information is bound to attract the eyes of cybercriminals, and the incentive to make money is sure to follow. The mobile phone is certainly no exception.

If you have ever seen a warning about connecting to public wifi, there is a good reason. Mobile phones, when connected to the SMS cellular network, are most commonly connected to some source of internet or wifi, making them a potential target for cyberattackers. Phone scams do not discriminate either, as they are delivered to both organizations and personal email accounts attempting to steal information or money. The mechanics of attacking a mobile phone are simple due to the ever-changing evolution of devices. This article will discuss the newest threats, how to recognize these scams, and will provide a real-life example of an attack in action. 

Mechanics of an Attack

Ironically, as with over 90% of all modern cyberattacks, phone scams begin with an email. Scammers will pretend to be a legitimate company, using their name and logo much like a common phishing email. They then send the target a receipt which allows them to naturally place a phone number they want the target to call. The goal here is realism. Making the message as realistic as possiblspear phishing state will systematically increase the chances of someone falling for the attack. For example, scammers will provide information about the fake order such as an order number or identification, often adding a privacy policy or unsubscribe buttons for realism. Like a traditional scam call, the scammer will pose as a professional offering assistance, attempting to persuade you into giving up personal information- date of birth, address, social security, anything of importance that should never be given out in certain situations. In extreme cases, if the scammer is persuasive enough, they could get access to the victim's computer. By taking a step back we can analyze how a scammer even got their email through filters and protection in the first place. 

With the modern age and technology dependent operations in every business, it is surprising to see simple tactics make their way through advanced systems, but not impossible given the ever-changing landscape. One way scammers avoid scans is by using PDF files. They are sent without much substance in the body so when a user sees an email they feel more prompted to check it out. Another way is using PNGs or JPEGs through embedding since there is no written information that can be taken from an image. Innovative security technology is advancing to catch these stealthy techniques, but without proper inspection they can easily be missed. 

How to Recognize Phone Scams

Geek Squad Phone Fraud ScamIt would be unreasonable to inspect and dissect every email or phone call that comes through everyday. People are the busiest they have ever been and scams do not waste a second in taking advantage of this. In the last two years there has been a 22% increase of lost funds via phone scams and 60% of those calls were made from automated dialing or robocallers. With this in mind, there are still a few tips for helping recognize phone scammers without giving up precious resources. 

First is to just simply not respond to calls from unknown numbers. It can be tricky when waiting to hear back from something like an interviewer whose number probably is not saved, but finding that information out prior will help avoid robocalls. Scammers can also spoof numbers, so the number may look like it is from your area code but actually be fraudulent. If the phone is answered, the scammer may try to apply urgency, making the victim feel they must comply quickly. If the caller claims they are a representative or aid at a well known organization like AT&T or the IRS, they are most likely fraudulent especially if they demand methods for payment. Be aware of these common tactics and report anything suspicious, do not share any financial or login information over the phone and do not grant access to any devices. By engaging in these best practices, any user can greatly lower their chances of being the next victim. 

As mentioned in this article, these phone scams can originate from emails. Scam emails that may have a phone number listed are most likely asking the user to call the number, then activating the previously mentioned effects. 

The Victim of a Phishing Scam That Posed as Tech Support

phone scam news headlineNot everyone is caught up in the methods and current trends. Just before Black Friday in 2022, a New York woman in Spring Valley fell for this scheme. The email sent in this scam appears to be sent from Best Buy’s computer repair service Geek Squad. There’s fake invoice numbers, product codes, customer ID, and a full package of false information. When the fake number is called from the fraudulent email, the scammer portrays themselves as a team member offering assistance, but at this point it is too late.

The woman was told by the scammer that $40,000 had been put into her account by accident, sending her to her actual bank to “refund” the accidental funds, which she did. The Spring Valley Police Department claimed it is almost impossible to catch any scammers after the payment has been made. This should highlight the importance of avoiding these potential threats, as there is no time after to recover any losses or give justice to cybercriminals. 

Keep Learning

It is more important than ever to keep up on malicious trends and scams in the modern world. Entire databases around the world are at risk of being swept from right under a company and the malicious tactics used constantly evolve. Once a scammer has possession of a database, the tactics are put into play and security must be taken seriously. 
It is crucial that email security is at its strongest by adding a middle man with outsourcing. There are multiple ways of preparing your business for cyberattacks to keep employees safe and keep up to date on best practices. Email protection can be improved with cloud-based spam filtering and anti-spam services. There is more to learn with our Phishing eBook. The world of cybercrime is growing, but defenses are growing to meet this challenge!

Must Read Blog Posts

Latest Blog Articles

Recommended Reading