Give Me a Call and I Will Scam You
Posted: May 7th, 2024 | Author: xanda | Filed under: IT Related | No Comments »Imagine receiving an urgent SMS claiming to be from your bank. The message informs you that your credit card has been used for a suspicious transaction. To verify or dispute the charges, you’re instructed to call a provided phone number. Sounds familiar, right? No?
The SMS messages were sent from regular mobile phone numbers, not short code senders. Now, take a look at the phone numbers included in the SMS—they do not belong to the bank. Wait, look closely… What a neat sequence. Coincidence? :
- 0333100144
- 0333100566
- 0333100205
- 0329350072
- 0329350078
Earlier this morning, I decided to investigate further. I dialed the suspicious phone number, 0329350078, to understand the scammer’s modus operandi. To my surprise, an IVR system answered, claiming to represent Maybank. I selected the option to “report a suspicious transaction”, and the call was “transferred” to a real person. The person tried to convince me that my card and account had been hacked, and that it would be better to transfer the money to a third-party account before the account was frozen. I was eager to continue the conversation; however, I had a meeting to attend, so I terminated the call.
Later, around 6 p.m., I attempted to contact the same number once more, only to find it unreachable. Subsequently, I tried several other phone numbers, all of which proved to be similarly inaccessible.
A brief inquiry into the reputation (some) of these numbers suggests their involvement in shady activities over an extended period. While my intuition has provided some clues about the owners, I am not donning my investigative hat today, akin to Brian Krebs. Therefore, no disclosures will be made in this post.
Here are some advisory insights for awareness
How does it work:
- Victims receive an SMS claiming to be from a bank or financial institution
- The message typically warns of suspicious transactions on their account and provides a phone number to call
- When victims call the number, they are directed to an Interactive Voice Response (IVR) system that mimics the bank’s
- official system
- After selecting the option to report a suspicious transaction, victims are transferred to a real person who attempts to extract personal information or convince them to transfer money to a “safe account”
How to spot it:
- Be cautious if you receive unsolicited SMS messages related to your bank account/transaction – especially from normal mobile phone number. Banks will usually use short code SMS providers.
- Look for poor grammar, inconsistent formatting/spacing or spelling errors in the message (if any)
- Avoid clicking on any links provided in the SMS (URLs in SMS messages are now blocked in Malaysia, except when sent from a short code sender)
Protecting Yourself: Tips and Awareness
- Stay Informed: Be aware of common scams and their modus operandi. Familiarize yourself with the tactics fraudsters use to deceive victims.
- Verify Communications: If you receive an SMS or call related to your bank account, verify its legitimacy independently. Do not rely solely on the information provided in the message.
- Report Suspicious Activity: If you encounter a suspicious SMS or call, report it to your bank and NSRC (997) immediately.
- Educate Others: Share this information with family and friends to help them stay vigilant against scams.
Stay alert and safeguard yourself from falling prey to scams.
Leave a Reply