Phone Phishing Scam: How to Identify and Avoid

Scammers are constantly coming up with new tricks and ways to trick us, so attempts to protect mobile devices have already become a part of our digital life. However, some types of fraud are difficult to identify, so it is important to keep an eye on new cheating schemes and be able to identify them. It is much more efficient than recovering stolen accounts.

What is a phone phishing scam?

Mobile phones have become one of the most valuable assets for us, and cybercriminals know about it. We carry them with us at all times and use them to access critical information. Our phones are linked to bank accounts, email and other sensitive data, making them ideal targets for intruders.

The task of a phone scammer is to force you to infect your device yourself or transfer confidential information to it.

The most popular types of a phone phishing scam are:

• Messages about mobile phone infection with malware;
• SMS phishing;
• Fraudulent phone calls;
• Dropping calls.

Mobile phone malware infection messages

In this type of fraud, a fake malware detection message is displayed on the device screen.

This could happen to you while browsing the Internet. Messages usually say that malware was found on your phone during the scan and you need to take urgent action.

You will be prompted to download an “antivirus” which is actually malware or spyware. After the malicious code infiltrates your smartphone, attackers can gain full access to it or infect other devices. The easiest way to protect yourself from such attacks is to install protection on your phone, such as antivirus for Android devices.

Telephone phishing

Phishing is a type of scam in which people call you trying to induce you to take some action.

Scammers usually pretend to be real people or companies in order to gain your trust. They may say they work for a real organization to convince you to give them your personal information or transfer money.

And actions are expected from you right during the telephone conversation. Scammers create a sense of urgency so you panic and do what they want. That is why they ask you to pay or disclose data right during the call, rather than asking you to perform some additional action later (after the end of the call).

SMS phishing

With SMS phishing, attackers will call you to action using text messages.

This message may contain a malicious link that can be used to download malware or spyware to your device. But sometimes attackers force the victim to perform other actions, such as calling back a premium number, subscribing, or giving out personal information.

Dropping calls

Dropping calls are calls from an unknown number that only last a couple of seconds. This is done in order to force you to call back to this number. Typically, this pattern works when your curiosity outweighs critical thinking. The trick is that a callback to a suspicious number will be charged. This is where the scammers make money. Usually, these calls are made from international numbers. Sometimes scammers leave a message in the voicemail – this increases the chance that you decide to call back. Be careful when receiving calls or listening to voicemail from an unknown number.

How do you know if you are facing a mobile scam?

The goal of any type of fraud is to play on emotions and make you trust the fraudster. Here are some of the tricks that cybercriminals love to use:

• The feeling of impending danger pushes you to take action. If it seems to you that you need to do something urgently, otherwise trouble will happen, you should stop and think. Any official company representative who calls you will answer all your questions and confirm the need to perform the required action. Fraudsters will press even harder. Popular topics of fraudulent schemes focusing on urgency: debts, tax refunds, or indications of suspected violations of the law;
• Empathy arising in response to a request for help for those in need. Refusing to comply with such a request is more difficult. If you feel guilty about doubting the real reason for contacting you, this should be the first call. Fraudsters can pretend to be charitable workers or make up a different story or mention a recent natural disaster or other pressing issues;
• Big promises. The prospect of getting a reward can push you to comply with the scammer’s request. If you feel excited or hopeful about your offer, it’s worth considering. For example, you may be told that you won money or received a huge discount on a sea trip;

In any case, you will be asked to do something to receive a reward. Here are the most popular requests to be careful about:

• Pay for something, especially cash or a gift certificate. It will be very difficult to recover such payments;
• Provide personal information such as bank account number, insurance policy number, or credentials;
• Go to the website using the link to log into your account or find out more information;
• Download a file or application, such as antivirus.

If you have received a call or sent an SMS with a request to do one of the above, be careful. In most cases, you should either refuse to comply with the request or postpone it and look for detailed information.

How to protect yourself against mobile scams?

The best way to protect yourself from fraudsters is to be mindful of phone communications. There are some additional measures to ensure the security of confidential data.

Here are some helpful tips for protecting against mobile fraud:

1. When connecting to public Wi-Fi networks, use virtual private networks (VPNs). VPN encryption will hide the transmitted information from prying eyes. These services also provide anonymity so that you cannot be tracked down by your IP address or other means;
2. Set up strong passwords. Never use the same password twice. You’d better create passwords from a random set of characters. Alternate case and use numbers and special characters in addition to letters. If your password is a passphrase consisting of several short and memorable words, replace some letters in it with symbols or numbers;
3. Use a long PIN. If your device allows it, set a six-digit PIN on the lock screen instead of a four-digit PIN. A six-digit PIN provides more combinations, making it difficult for an attacker to hack into your phone or accounts. Never use dates and other personal data as a password, as hackers first of all try information that can be found about you on the Internet. Also, do away with standard number combinations like “0000” or “1234”;
4. Store your passwords in a secure online vault. In order not to forget your passwords and PIN-codes, use a service like Password Manager. Never write down passwords in a notebook or in notes on your phone – this is extremely insecure. Password managers encrypt your data in such a way that attackers cannot spy on it. You will need to remember only one password – from the Password Manager storage. Of course, it must be made as complex and reliable as possible so that no one can access it;
5. In real lotteries, no one will demand money from you. If someone asks you to pay for a prize, give up as you are possibly dealing with scammers;
6. Install a call blocking app. These apps protect your phone from illegal calls made by robots and other types of phone scams. However, they do not always work perfectly and may send real numbers in spam. Fortunately, many applications mark incoming calls as potential spam and you may decide whether to pick up the phone or not;
7. Stay out of the conversation and hang up. Any form of participation in a conversation can provoke even more calls. Do not click on buttons to navigate the automated menu and do not respond to live operators if they suspect something is wrong. Just hang up and search the Internet for information about the caller if you are still curious;
8. Use only official apps. Using third-party applications to log in to services such as online banking and social networks makes your device vulnerable to unauthorized access. Besides, if you provide your credentials to a third party, you could lose them if you fall victim to phishing. It is recommended to avoid applications designed to work with several services at once: always make a choice in favor of official programs;
9. Check phone bills. If you find unauthorized charges on your account, you are probably the victim of an attacker. If this happens, immediately contact the operator and demand a refund. Even if the reason for such a charge was not fraud, you will finally turn off unwanted services that have accumulated over the years;
10. Install protection on your phone. The easiest way to keep your internet privacy and data on your phone safe is to protect it. With a Family subscription, you can set up parental controls to protect yourself, your partner, and your kids, if you have one.