Telephone scams are nothing new. Almost all of us will have taken a call from someone claiming to be from our bank. Or a helpful representative of Microsoft who needs to help us fix our computers.
And because these scams are so common, we’ve got pretty good at spotting them. Which means we are also much less likely to fall victim to them.
Unfortunately, scammers have found other profitable phone scams – and they don’t even need to talk to you.
“Guess the password” scams
Almost every big business – including banks – now relies on call centres to provide help and support to customers. In general these services work quite well, but they can be compromised by determined criminals.
Often these call centres verify customer identity with relatively basic questions. What town were you born in? What is your mother’s maiden name? In the age of Facebook and over-sharing on social networks, this information is surprisingly easy to come by.
The scammer simply calls your bank, answers the relevant security questions and they can take full control of your account. As far as the bank knows, the caller is you.
Other phone services are protected by a 4-digit PIN number. The operator asks for the number – or some specific digits – before permitting access to the account.
The problem with PIN numbers is that there are just 10,000 possible combinations. Given enough time, criminals can simply keep calling in and guessing new combinations until they get the right one.
Both of these attacks work well – and neither requires you to speak to the hacker.
Hackers are also turning to text-only attacks as a way to trick unsuspecting victims into handing over sensitive personal information like passwords. Scammers will often send a text message pretending to be from your bank.
These messages may ask you to text back to confirm your identity. They will ask for a password or PIN for instance – details they can then use to log into your account.
Other messages may contain a link. Tap the link and you land on a website that looks just like your bank’s. When you try to log in, nothing happens – as far as you can tell. But in reality, the scammers have managed to steal your user name, password and other important information that can be used on the real bank site.
By the time you realise, scammers may have already emptied your account. And again, they’ve done it using your phone – but without ever speaking to you.
Protect yourself against no-talk scams
Protecting yourself against no-talk scams is a three-step process. First you must choose security passphrases that are not easily guessed. Select security questions like “What was the name of your first teacher at school?” for instance.
Second, realise that your bank will never send you an SMS asking for your password or other details. And they will never send a link in their messages either – they will simply ask you to visit the website. It is then down to you to open the browser or app manually.
Third, make sure that you have anti-malware like Panda Security installed on your smartphone. This will help prevent your phone from being hijacked by malware. And a premium VPN will protect you from fake websites and dodgy links.
No-talk scams are a significant risk to everyone – including you. But they can be avoided using these tips.
For more help and advice about staying safe online, check out the Panda Security blog.