Tuesday 24 October 2023

Number Spoofing Scam

When somebody rings you, can you always trust the phone number that they are calling from? The answer is no, because scammers are increasingly using a technique called ‘number spoofing’, where they can mimic the number of a real company, and make it pop up on your phone screen when they call.

Nick Stapleton has been investigating number spoofing scams for BBC Morning Live, including a case where criminals spoofed the phone number of the UK Supreme Court to fool people into handing over their money.

Nick met with ethical hacker Doug Tognarelli, who works with businesses to increase their cyber security. In less than five minutes, he showed that he was able to spoof the phone number of the Supreme Court: the final court of appeal in the UK for all civil cases and most criminal ones.

Nick Stapleton met with Maia, a forensic scientist, who was scammed in May. She received a call saying she had been the victim of identity theft, and that someone from the Supreme Court would follow up directly. She was told to search for the court’s phone number online, and it did indeed match.

Maia told Morning Live: “They told me that they needed me to move my money to other safe accounts, because the investigation now will start, and then my bank accounts would be blocked. I was scared and I was like, hold on a second, Who am I transferring the money to? and the tone changed a bit; she was kind of threatening and told me that I had to cooperate”.

To make the scam more convincing, Maia was told the call was also being monitored by the Ministry of Justice, and that she would receive a further call from them. Again, the phone number tallied up with the official one for the government department, which oversees courts and prisons.

Maia felt pressured into cooperating with the caller, and she began to transfer money. After being on the phone for over two hours, she had transferred more than £10,000.

Maia started to feel suspicious; so she went to the Supreme Court’s website. There she discovered a warning about scammers cloning their phone number. She said: “I was in a state of shock, and then I said ‘you need to stop now, I know that you're a hacker. I'm going to call the police’. At that moment, she hung up.”

Maia reported the scam to her banks and luckily she was able to get most of her money back.

In response to the BBC investigation, a spokesperson from the UK Supreme Court said: “We know that scammers are cloning our phone number and logo and have advisory messages to the public on our website. We never call asking for money or threatening arrest and advise people receiving a call, letter, or email to follow the scams advice on our website.”

The Ministry of Justice told Morning Live: “We sympathise with anyone affected by these shameful scams. The Ministry of Justice will never contact you using an automated message. If you receive a call like this please hang up and report it to Action Fraud.”

The Do Not Originate list is designed to stop scammers using phone numbers to trick people. It’s run by communications watchdog Ofcom, and stops certain numbers from being spoofed before a call can connect. Companies, government agencies like HMRC, and other public bodies can add their phone numbers to the list (pdf).

Ofcom has told the BBC: “Scammers can cause huge distress and financial harm to their victims, and protecting people from harm is a priority for Ofcom. These criminals are becoming more sophisticated and tackling them requires efforts from a range of bodies. We’re working closely with the police, other regulators and industry to tackle the problem.

“One of our initiatives in countering scam calls is the Do Not Originate list. This has proved to be an effective tool, and we review and update the list regularly. We don’t make its contents public, to reduce the risk of scammers using this information to their advantage”.

Be Scam Safe. Remember:

• Never give out your personal information in response to an incoming call, or rely upon the Caller ID as the sole means of identification, particularly if the caller asks you to carry out an action which might have financial consequences. No legitimate organisation will ever ask you to transfer money over the phone.
• It’s OK to hang up on a caller if something doesn’t seem right. You could be stopping a scam from happening.
• If you want to check if it’s a genuine organisation that has called you, you can hang up and call them back. Call the phone number on the organisation’s website. Remember this scam only works with incoming calls, not outbound ones that you make.
• Wait for a few minutes before making the call - this ensures the line has cleared and you're not still speaking to the fraudster or an accomplice.
• If someone calls you saying they are from your bank, you can hang up and call 159 to be connected to most major UK banks.” 159 cannot be spoofed and will never call you.

Source: BBC Morning Live (23 October 2023)

Fake antivirus scam emails return

Which? have seen a resurgence in fake AVG and McAfee antivirus emails trying to trick people into 'renewing' antivirus software. The...