Are you getting scam calls from unknown numbers? What is the caller’s motive? How should you respond?
Scam calls, also called “vishing attacks”, are a type of social engineering fraud in which a fraudster tries to victimise the user over the phone, with the motive of stealing sensitive information and money, or to test the health of an existing number.
You have probably already been on the receiving end of a series of telemarketing calls. These are a nuisance for those who have not registered for the DND service or who have, for some reason, deactivated it.
The main reason for scam calls is personally identifiable information (PII), e.g. mobile number, email ID, address, Aadhaar number, that has been leaked or sold by illegal data mining agencies.
These agencies have sources that collect this information from retail outlets, visitor registers, bankers, your wards' school records, hospital records, online web portals and so on, and sell it to digital marketing companies. Some of your PII may even be listed on the dark web without your being aware of it.
Apart from these regular annoyances, you may also get calls from unknown countries, including one-ring calls and robocalls. The country codes recently reported with scam calls are those that begin with: +248 (Seychelles), +676 (Tonga), +674 (Nauru), +222 (Mauritania) and +235 (Chad). These robocalling systems make bulk calls to numbers, and your number could also have been listed in their database. If you have received multiple calls from any of these country codes, block those numbers immediately.
Robo Call Threat Actor → Phone numbers, spoofed caller identity information → Auto-Dialer → VoIP service provider → Telecom service provider → Victim
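The blocking advice above, applied to a call log, as an added example that is not part of the original article. The log format `(number, answered, ring_seconds)`, the function names and the three-second one-ring threshold are assumptions, and the sample numbers are constructed.

```python
import re
from collections import defaultdict

# Country codes named in the article as recently reported sources of scam calls.
REPORTED_CODES = {"248": "Seychelles", "676": "Tonga", "674": "Nauru",
                  "222": "Mauritania", "235": "Chad"}
ONE_RING_MAX_SECONDS = 3  # assumption: an unanswered ring this short counts as a one-ring call

def normalise(number):
    """Reduce '+248 2 510 001' or '00248-2510001' to digits in international form."""
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("+"):
        return digits[1:]
    if digits.startswith("00"):
        return digits[2:]
    return None  # national format: no country code to test

def triage(call_log):
    """Return {caller: verdict} for callers using one of the reported country codes."""
    per_caller = defaultdict(list)
    for number, answered, ring_seconds in call_log:
        intl = normalise(number)
        if intl and intl[:3] in REPORTED_CODES:
            per_caller[intl].append((answered, ring_seconds))
    verdicts = {}
    for caller, calls in per_caller.items():
        one_ring = sum(1 for a, s in calls if not a and s <= ONE_RING_MAX_SECONDS)
        verdicts[caller] = {
            "country": REPORTED_CODES[caller[:3]],
            "calls": len(calls),
            "one_ring_calls": one_ring,
            # Article's rule: multiple calls -> block; otherwise just never call back.
            "action": "block" if len(calls) > 1 else "do not call back",
        }
    return verdicts

# Constructed sample log (not real numbers): (number, answered, ring_seconds).
SAMPLE_LOG = [
    ("+248 2 510 001", False, 1),
    ("00248-2510001", False, 2),    # same caller, different dialling format
    ("+676 55 501", False, 1),
    ("+91 98765 00000", True, 12),  # not on the reported list
    ("04842 555 010", False, 20),   # national format, skipped
]

if __name__ == "__main__":
    for caller, verdict in triage(SAMPLE_LOG).items():
        print("+" + caller, verdict)
```

Normalising before matching matters because the same caller can appear in a log as both `+248…` and `00248…`, and counting them separately would hide the repeat calls.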
Recently there have been reports that scammers use fake video calls, and some users easily fall victim. This is on the rise and is an easy way to engage with the user and convince them to reveal sensitive information.
There are multiple ways these bad guys try to exploit you if you answer the call:
1) By responding you notify the robo-callers that the number is active. This then gets added to the database to be sold to telemarketers for a few dollars.
2) Simply answering a voice call cannot get you hacked. But you could become a target of social engineering attacks. As human beings we are emotional, tend to respond to authoritative voices and at times give out personal information that could lead to our accounts getting “hacked.”
Here are a few things you can do to minimise the risk:
1. Hang up the call.
2. Do not give or validate any personal information such as date of birth, credit card number, Aadhaar number, bank account details etc.
3. Do not press any keys when instructed to by the caller.
4. Try not to say "Yes", and do not correct or validate the caller's query.
5. Avoid returning a missed call from an unknown number.
6. Do not be hijacked by the caller.
The best way to deal with such a situation is to ignore the caller; in case of repeated attempts, the caller's number can be blocked and added to the spam list. Acting smartly and thinking critically can help you dodge these scamsters.
Stay safe and stay secure.
(The writer is a cyber security evangelist, presently head of cybersecurity at UL Technology Solutions.)