What could be one of the easiest ways to trick someone into getting their money?
Table of Contents
ΘDid you take the bait?
Imagine you get a phone call from your bank telling you that your account has been compromised and that in order to keep your money safe, you need to confirm your personal information. The urgency of the phone call and the "panic" in the bank "employee's" voice may actually be enough to get you to share sensitive information. The problem is, that person may not be related to your bank – or may not even exist, warns the global security software company's team ESET. It could just be a voice created with the help of technology that sounds perfectly human.
This is not at all unusual and examples in recent years are numerous. In 2019, the CEO of a UK energy company was tricked by a voice deepfake that sounded like the voice of the CEO of the parent company in Germany and paid almost 220.000 euros. In the same way, an employee in the accounting department of a multinational company was defrauded through a deepfake video call in 2024, costing his company US$25 million.
Artificial intelligence, the catalyst
With modern voice cloning and translation capabilities offered by artificial intelligence, the vishing and smishing have become easier than ever. THE Jake Moore, its Global Cyber Security Advisor ESET, showed the ease with which anyone can create a convincing version deepfake someone else's – including someone you know well. Now we can trust neither our eyes nor our ears.
Artificial intelligence is lowering the bar for cybercriminals, serving as a versatile tool for collecting data, automating tedious tasks and enabling victims to be reached internationally. Consequently, the Phishing using AI-generated voices and text will become more common.
At this point, a her recent report Aeneas recorded a 1.265% increase in fraud Phishing from its release Chat GPT in November 2022 and highlighted the potential for large language models to help fuel such malicious enterprises.
What is your name and phone number?
As evidenced by his research Consumer Reports by 2022, people are more privacy conscious than before. About 75% of respondents were concerned about protecting their data collected online, which can include phone numbers, as it is a valuable source for both identification and advertising.
But now that we've left the age of phone books behind, how does this connection between phone numbers and advertising work?
Consider the following illustrative example: a sports fan placed game tickets in the cart of a dedicated ticketing app, but did not complete the purchase. And yet, shortly after closing the application, he received a phone call offering him a discount on the tickets. Of course, he was confused since he didn't remember giving his phone number to the app. How did they find his number then?
The answer is – through detection (tracking). Some Trackers they can collect certain information from a web page, so after you fill in your phone number on a form, one Tracker it could track and store it to create what is often called personalized content and experience. There is an entire business model known as “data brokerage', and the bad news is that it doesn't take a breach to make the data public.
Tracking, data brokers, and leaks
Data brokers are companies that gather your personal information from publicly available sources (government agencies), from commercial sources (companies such as credit card providers or stores), as well as from monitoring your online activities (social media activities, clicks on ads, etc.), before selling that information to others.
The question of course is: how can scammers get hold of other people's phone numbers?
Looking for victims
The more companies, websites and apps you share your personal information with, the more detailed your personal “marketing profile” becomes. This also increases the risk of data leaks, since the data brokers they may experience security incidents. A data broker it could also sell your information to others, possibly to malicious actors.
But the data brokers, or the breaches that affect them, aren't the only source from which fraudsters can obtain phone numbers. Her team ESET lists some of the ways criminals can get your phone number:
- Public sources: Social networking sites or online job platforms may display your phone number. In case your privacy settings are not selected correctly or you are not aware of the consequences of disclosing your phone number on your social media profile, your number can be available to anyone, even a websites scraper artificial intelligence.
- Stolen accounts: Various online services require your phone number, either to confirm your identity, to place an order, or to serve as an authentication factor. When your accounts are compromised due to weak passwords or one of your online providers is compromised, your number can easily be leaked.
- Automatic calls: Scammers call random numbers and once you answer the call, you may become a target of a scam. Sometimes these answering machines call just to confirm that the number is in use so it can be added to a target list.
- Post office: Check any recent deliveries of yours – these will usually have your address visible on the letter/box, but in some cases they may also have the Email or your phone number. What if someone stole a letter or looked through your trash?
O American telecommunications group AT&T recently disclosed that the call and text message records of millions of customers from mid to late 2022 were exposed in a massive data breach. The phone numbers of almost all of the company's customers and people using the mobile network were stolen, as well as data on the duration of calls and the number of calls. The content of the calls and texts were not reportedly included in the breached data, the report said CNN.
According to information, the blame can be attributed to a platform cloud of a third party, which was accessed by a malicious actor.
How to protect your phone number
So how can you protect yourself and your phone number? Here are some tips from her team ESET:
- Your Mind on Phishing (Phishing). Never answer spam/calls from unknown numbers, don't click on random links in your emails/messages and remember to keep your cool and think before reacting to a seemingly urgent situation, because that's how they trap you.
- Ask the provider your about its security measures SIMs.. They may have, for example, an option to lock the card to protect against SIM Swapping, or additional layers of account security to prevent fraud such as call forwarding.
- Protect your accounts with two-factor authentication, ideally using special security keys, apps or biometrics instead of verification via SMS.
- Think twice before giving your phone number to a website. While using it as an additional recovery option for your various apps can be useful, other methods such as secondary emails/verification apps (authenticators), could offer a safer alternative.
- For online shopping, consider using a prepaid card SIMs. or a service VoIP instead of your regular phone number.
- Use a reliable security solution for mobile with call filtering and make sure the cookies third parties in your browser are blocked. Explore other privacy-enhancing tools and technologies.
In a world that increasingly relies on electronic record keeping, it's almost impossible that your phone number isn't stored somewhere. And as the incident with her suggests AT&T, relying on the security of your own telecom provider is not enough. But that doesn't mean you should become paranoid.
These incidents highlight the importance of following cyber-health rules and protecting your data online. Vigilance is still key, especially considering the implications of the new AI-powered (under)world.