Give Me a Call and I Will Scam You

Posted: May 7th, 2024 | Author: | Filed under: IT Related | No Comments »

Imagine receiving an urgent SMS claiming to be from your bank. The message informs you that your credit card has been used for a suspicious transaction. To verify or dispute the charges, you’re instructed to call a provided phone number. Sounds familiar, right? No?

The SMS messages were sent from regular mobile phone numbers, not short code senders. Now, take a look at the phone numbers included in the SMS—they do not belong to the bank. Wait, look closely… What a neat sequence. Coincidence? :

  • 0333100144
  • 0333100566
  • 0333100205
  • 0329350072
  • 0329350078

Earlier this morning, I decided to investigate further. I dialed the suspicious phone number, 0329350078, to understand the scammer’s modus operandi. To my surprise, an IVR system answered, claiming to represent Maybank. I selected the option to “report a suspicious transaction”, and the call was “transferred” to a real person. The person tried to convince me that my card and account had been hacked, and that it would be better to transfer the money to a third-party account before the account was frozen. I was eager to continue the conversation; however, I had a meeting to attend, so I terminated the call.

Later, around 6 p.m., I attempted to contact the same number once more, only to find it unreachable. Subsequently, I tried several other phone numbers, all of which proved to be similarly inaccessible.

A brief inquiry into the reputation (some) of these numbers suggests their involvement in shady activities over an extended period. While my intuition has provided some clues about the owners, I am not donning my investigative hat today, akin to Brian Krebs. Therefore, no disclosures will be made in this post.

Here are some advisory insights for awareness

How does it work:

  • Victims receive an SMS claiming to be from a bank or financial institution
  • The message typically warns of suspicious transactions on their account and provides a phone number to call
  • When victims call the number, they are directed to an Interactive Voice Response (IVR) system that mimics the bank’s
  • official system
  • After selecting the option to report a suspicious transaction, victims are transferred to a real person who attempts to extract personal information or convince them to transfer money to a “safe account”

How to spot it:

  • Be cautious if you receive unsolicited SMS messages related to your bank account/transaction – especially from normal mobile phone number. Banks will usually use short code SMS providers.
  • Look for poor grammar, inconsistent formatting/spacing or spelling errors in the message (if any)
  • Avoid clicking on any links provided in the SMS (URLs in SMS messages are now blocked in Malaysia, except when sent from a short code sender)

Protecting Yourself: Tips and Awareness

  • Stay Informed: Be aware of common scams and their modus operandi. Familiarize yourself with the tactics fraudsters use to deceive victims.
  • Verify Communications: If you receive an SMS or call related to your bank account, verify its legitimacy independently. Do not rely solely on the information provided in the message.
  • Report Suspicious Activity: If you encounter a suspicious SMS or call, report it to your bank and NSRC (997) immediately.
  • Educate Others: Share this information with family and friends to help them stay vigilant against scams.

Stay alert and safeguard yourself from falling prey to scams.

Leave a Reply