SBN

PSA: Users with landlines are more vulnerable to scams

It’s time to have “the talk” with your parents, relatives, and loved ones. Anyone still using a landline must be warned: having a home phone makes you particularly vulnerable to scams.

We know here at Malwarebytes that our readers are often the unofficial “IT” department for their families, relatives, and friends. While suggesting to your folks that they discontinue having a landline might not go over well, we still need them to at least be wary of that telephone and the types of calls they might receive on it.

What was once an essential communication tool is now a gateway into your home—a scam delivery mechanism.

Looking at all the inbound calls that my relatives with landlines were receiving left me with a sneaky suspicion that they must have landed on a “victim list” of sorts. Types of scam calls included:

  • Tech support scams (as many as several times a day)
  • Robocalls
  • Charity requests (some more dubious than others)
  • Political calls
  • Surveys
  • IRS/Bank/FBI/Police scams (more tax scams during tax season)

While they do not wish to part with their landlines, I have investigated some other possible solutions for my relatives to avoid scams.

I found some call blocker hardware. However, reviews indicated that this wasn’t particularly effective against scammers. For example, this solution wouldn’t stop tech support scammers that spoof residential numbers.

I also found another device that requires a password before allowing the phone to ring from all inbound calls.

Neither of these felt like an acceptable solution.

Ultimately, knowledge is power, so I’m choosing to explain all the scams that they encountered. In addition, I’d like to point out our tech support scam resource page.

Microsoft tech support

The standard, tried and true tech support scam. These are either initiated from a cold call, “Hi, I’m from Microsoft!” or by driving potential victims to make a call to “Microsoft tech support” themselves after being served a malicious pop-up or browser locker with the specific intent of tricking users into thinking their computer is infected. and they need to pay tech support to fix it.

This scam has many variants. The scammers will claim to be the official support for any number of security products. They will try to impersonate Microsoft or other antivirus companies. They have even tried to impersonate Malwarebytes.

There’s a simple fix for this scam. If you get a call from “Microsoft,” hang up immediately. They will never call you. There is no “Internet Tech Support,” and your connection is not monitored for emanating threats.

Note that Microsoft does not send unsolicited email messages or make unsolicited phone calls to request for personal or financial information, or fix your computer.

Unfortunately, most scammers have now switched to pop-ups driving the victims to initiate the call. Even worse, browlocks or browser lockers that effectively prevent further use of the computer is on the rise.

Banks, FBI, police, and the IRS

Scammers will impersonate institutions of authority.

These types of institutions almost never call. If they do, simply ask for their name and their department, and inform them you will call them right back. If they politely say they understand and give you their information, there is a good chance this is a legitimate call. (Keep in mind that it is extraordinarily rare for the FBI, banks, IRS, or police to initiate a call.)

Use the Internet to double-check the number to call back. The scammers may try to be helpful and provide you with theirs, but a quick Google search of their phone number can tell you where they’re calling from (and if that matches with where their company headquarters is located).

If the person on the other end of the line gets angry or starts threatening you, guess what? They’re a scammer. Remember, they’re trying to instill in you a sense of urgency in order to override your common sense.

Stranded grandchildren

An especially heinous scam, this variant targets grandparents using classic psychological manipulation. The scenario is that their grandchild is calling from jail, arrested for disorderly conduct, and this is their one phone call. Sense of urgency? Check. Fear for a loved one? Check. Common sense thrown out the window? Check.

This scam usually tries to get Grandma to send money “for bail” via MoneyGram or Western Union.

So what happens if you get a call from someone claiming to be your grandchild stuck in jail? Well, much of this scam relies on grandparents being less in-the-know about their grandkids. Do they know what her voice sounds like? Her phone number? Would she never be arrested for disorderly conduct?

If you don’t know for sure, verify with other family members. Text the child’s parents while on the landline with her. Confirm that the family member is who she claims to be by asking personal questions only the relative would know. Scammers will try to fudge through details. Some might start crying. Again, the sense of urgency is pivotal in this scam.

Remember this: If your grandchild were truly in trouble and in jail, would you be the one person she would call? If that’s true, then you’d know if it were her on the other end of the line within seconds. If you’re not her go-to person, then it’s fair to ask more questions and to check in with other family members about the legitimacy of the call. You can even hang up and call back your grandchild on her cell. Chances are, she’ll pick up and have no idea who called you just now.

Caller ID is bunk

Nowadays, you can’t just trust that your caller ID will flag suspicious numbers. The responsibility of caller ID lies with the originating call. And if that caller is a scammer, then they know caller ID is trivial to spoof. Scammers have long since figured out how to spoof numbers so that it appears they’re coming from a familiar, local area code, as it greatly increases their chances at a successful scam. Both the Microsoft tech support call and the fake IRS calls use spoofed caller ID.

I demonstrated how easy spoofing was by using an app on my phone and making a call that appeared to originate from somewhere else. For a technical explanation of how caller ID spoofing works, check out this YouTube video.

TLDR

  • Never allow anyone remote access to your computer.
  • Is there a pitch for a product/service/subscription? It’s probably a scam.
  • Is there a sense of urgency? IRS + “you will go to jail!” = scam!
  • Caller ID is bunk. Don’t trust it.
  • No legitimate institutions will want Apple iTunes cards or any other gift card as a payment form.

When it comes to using a land line, I don’t think there’s an ideal solution—one that guarantees 100 percent safety. However, armed with the right amount of knowledge, users can easily fend off scams—and stop being afraid of their phone.

Do you know someone who still has a landline? Have you had to explain scams to your relatives? Ever encounter any different scams than the one mentioned by phone? Please don’t hesitate to share your stories with us in the comments.

*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Jean Taggart. Read the original post at: https://blog.malwarebytes.com/malwarebytes-news/2018/06/psa-users-landlines-vulnerable-scams/