What Is Smishing? Definition, Examples & Protection
Modern communication is largely dominated by mobile devices and cybercriminals have devised new ways to exploit unsuspecting users. One such method that has gained significant attention is smishing—a malicious practice that aims to deceive and defraud people through text messages. Short for “SMS phishing,” smishing utilizes persuasive messages to trick recipients into revealing sensitive information or downloading harmful content.
This article delves into the world of smishing, shedding light on its definition, providing real-life examples and equipping readers with essential protection measures. By understanding the intricacies of smishing and staying vigilant, you can fortify against this evolving cyber threat and safeguard your personal and financial well-being…
Imagine you’re in sales and you discover a magic phone number that guarantees a prospect’s unwavering attention and an extended conversation on the other end of the line. Sounds like a pretty nifty setup, right? That is, essentially, what a contact center is to someone in the business of scamming. Any time, any day, bad actors can prey on contact centers, where agents are expected to be accommodating, engaging and helpful. A 2020 study by Neustar found that 45% of unwanted calls are scams.
Contact center employees can be trained to look out for suspicious behavior, and policies can be set to try to prevent sensitive information from being released. At the end of the day, however, the fundamental aspect of the agent’s job is to be available to answer calls and do their best to help callers, leaving them vulnerable to those who seek to take advantage of the situation. This makes them ideal targets for bad actors who want to exploit the circumstances through vishing, or voice phishing…
When we think about network security for our business, it’s easy to focus on the technical side of things. After all, focusing on what you can control tends to give the illusion that you can control it all. We know how to install firewalls and antivirus software; we know how to encrypt our communications. The problem is, security isn’t just about technology—it’s about people. And people can be both your greatest security advocates and your weakest security links (leadership included). One of the most insidious ways in which attackers exploit this vulnerability is through social engineering.
Social engineering is the art of manipulating people into divulging confidential information they might otherwise protect. It’s a type of attack that relies on human psychology rather than technical exploits. Social engineering attacks can take many forms, but a few of the most common are phishing, pretexting and baiting.
Phishing is perhaps the most common form of social engineering. It involves sending an email, text or other message that appears to come from a trusted source, such as a bank or a social media site. The message typically contains a link that directs the victim to a fake website designed to look like the real thing. Once the victim enters their login credentials, the attacker can use those credentials to access the victim’s account…
In today’s digital age, businesses still often rely heavily on phone calls as a means of customer communication. However, with the rise of phone scams and robocalls, it can be difficult for consumers to trust most incoming calls, even from numbers familiar to them. This is where branded caller ID has the potential to help.
Branded caller ID, also known as call display branding or caller ID branding, allows businesses to display their company name and/or logo on the caller ID of outbound calls. This can create a more trustworthy and professional appearance for the business, helping companies deal with fraud and the rise in consumers that are increasingly wary of answering calls from unfamiliar numbers. Through branded caller ID, customers can identify the brand and have more trust that the call is genuine.
In this way, branded caller ID can help businesses improve the chances that customers will answer their calls, likely leading to more productive and successful interactions and outcomes. This can be especially valuable for businesses that rely heavily on phone calls for sales, customer service or other important interactions…
After almost 150 years of business telephony, you would think that we’d have a secure and dependable telecom infrastructure. However, when you have a complex international network that moves voice calls and SMS messages between multiple providers, bad actors can find ways to exploit cracks in the system.
Having a phone number—or many phone numbers—exposes the people who pay the bills to the potential for telecom fraud. It’s a cost of doing business, but a cost that can be prevented by taking the right steps…
Many businesses operate under the impression that their caller ID (also known as CNAM) appears every time they make an outbound call. However, less than 10% of consumers opt-in to caller ID, leaving 90% of consumers to receive only an 11-digit unknown number when a business tries to reach them.
Lack of context for incoming calls and the massive rise in scam calls has conditioned consumers not to answer calls from unknown numbers. In addition, an absence of consumer trust in the phone call has led to an inefficient phone channel, which is problematic for legitimate businesses trying to connect with customers.
First introduced in 1988, caller ID name has been tried and true over the last three decades. However, telecommunications technology has continued to evolve, leading us to the next step in this evolution: branded communication, which allows businesses to control how their outbound calls are displayed on the call recipient’s device.
Caller ID pulls names from databases businesses can’t easily adjust or control. With the number of different CNAM providers that carriers use, there is no guarantee a business’s name will show up the same to all mobile subscribers. A business’s inability to control its CNAM across all carriers means that if the name pulled from the database is unidentified or incorrect, there is a greater chance the consumer will perceive the phone call as spam or scam and let the call go unanswered…
The story of the manufactured net neutrality crisis is instructive when investigating consumers’ #1 communications complaint: robocalls. When the 2017 Federal Communications Commission (FCC) removed the so-called Title II net neutrality rules, the Washington Post and New York Times predicted an internet apocalypse. Some policymakers warned that the internet would be delivered one word at a time. Since then, however, US internet speeds and technologies have only improved. Moreover, nixing the 1934 Ma Bell price controls helped reboot fallen network investment. This proved critical as networks had to be ready before Covid-19 hit. The rule reversal also restored oversight of broadband markets to the Federal Trade Commission (FTC) where it had been since inception of the commercial internet. The FTC has broad powers to police anti-competitive practices and provide financial relief to consumers.
Data from the FCC’s Consumer Complaint Center in 2020 reports that robocalls, or unwanted calls, comprise 55 percent of all complaints compared to just 1 percent for net neutrality or open internet. The FTC manages the Do Not Call Register and processes tens of millions of complaints of unwanted calls and texts annually. Yet despite significant public and private effort, robocalls continue to plague consumers. Then pandemic has fueled robocalls with fraudsters posing as government officials or ecommerce providers requesting personal, payment, or delivery information. Fraudsters employ spoofed or recognized phone numbers to evade regulation and blocking technology. The FBI reports that that highly-organized, international criminal gangs are behind much of the fraudulent activity. The problem is growing as scammers and fraudsters move to WhatsApp and other internet platforms.
Government laws and regulations often have to be adapted to meet the challenges of evolving technology. Sometimes they fail to respond quickly enough. Skeptics regularly cite this “pacing problem” as a reason for letting technology companies manage themselves.
But sometimes lawmakers get ahead of the curve and put in place a flexible law that allows the rules to evolve to meet changing technology. The 1991 Telephone Consumer Protection Act (TCPA), directed at controlling nuisance telephone calls, was a successful example of flexible, adaptive technology policymaking. By granting rulemaking authority to the Federal Trade Commission and the Federal Communications Commission, for instance, it allowed the agencies to put in place the Do Not Call rule in 2003. Dave Barry called this rule “the most popular federal concept since the Elvis stamp” because it allowed people to opt out of receiving telemarketing calls.
The statute also bans the use of autodialers to make calls to cell phones or to send text messages without the prior express consent of the called party. Or at least it used to until April Fools’ Day 2021, when the Supreme Court gutted that provision in a decision that reads like a brief from a telemarketers’ trade association. The decision creates a “pacing problem” that Congress thought it had solved by giving agencies the power to adapt the statute to new conditions. It will force Congress to pass a new law to correct the Court’s mistaken and overly narrow reading of the statute.
The Court’s Narrow Reading of the Statute
An autodialer is defined in the statute as a device with the capacity “(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” Since modern autodialers don’t use number generators at all, the Ninth Circuit Court of Appeals reasonably adapted the statutory definition to the contemporary world by ruling that an autodialer need only have the capacity to “store numbers to be called” and “to dial such numbers automatically.” Senator Ed Markey, the actual author of the 1991 law agreed with that interpretation, saying, “It was clear when the TCPA was introduced that Congress wanted to ban dialing from a database.”
But, in an exercise of arid judicial scholasticism, the Supreme Court ruled that a device is an autodialer only if it uses a random or sequential number generator to store or produce numbers to be called, thereby applying the statute’s autodialer provision to exactly zero real-world devices. It didn’t even attempt to hide the gutting of the statute – noting blandly that if its interpretation meant that the statute applied only to “senescent” technology that was because the statute itself was “senescent.”
The Court’s professed rationale for this narrow reading of the text was an obscure rule of statutory interpretation – look at the placement of the comma, the majority opinion urged. Even Justice Samuel Alito, who nevertheless concurred in the decision, rejected the Court’s strained reasoning as “mechanically applying a set of arcane rules.” Such arbitrary rules of interpretation, which the Court increasingly relies on, derive from the work of the late Justice Antonin Scalia. They have nothing to do with the rules of English grammar, but everything to do with giving the Court a flexible tool to reach whatever conclusions its policy preferences dictate.
Where’s the Technology Assessment?
The Court did engage with today’s technology – but only in the crudest and least nuanced way. Since cell phones have a speed dialing function and store numbers, the Court reasoned, a broad reading of the statute would make every cell phone an autodialer subject to the consent requirements of the statute, which indeed makes very little sense.
But a speed dialer is easily distinguishable from an autodialer because a cell phone user has to select the person to be called and push a button to speed dial it, while an autodialer can dial telephone numbers 24/7 with no human intervention at all. The court brushed aside such a reasonable technological distinction, saying it had no interest in the “difficult line-drawing exercise” of determining how much automation makes a device an automatic dialer.
Moreover, the Court moreover attributed to Congress not an interest in reducing nuisance phone calls, but only the narrowest possible interest in preventing just the abuses arising from calling random or sequential blocks of numbers. Why Congress would deliberately limit itself in this way to the technological realities of 1991 is left to the imagination of the reader.
The Court even provides a roadmap for how to use an automatic dialer to make calls or to send text messages without triggering the TCPA consent requirement. First obtain a “preproduced” list of cell phone numbers. Then be sure not to use “a random number generator to store numbers to be called later” because storing numbers for later calling using a random generator will make the device an autodialer in the Court’s interpretation of TCPA. Instead, the Court advises, draw numbers from the “preproduced” cell phone list “for immediate dialing” in whatever fashion you want – the Court has no interest in regulating how the automatic dialing takes places. In this case, the Court says, the device will neither store nor produce the called numbers using a sequential or random number generator, and so will not be an autodialer for TCPA purposes.
The TCPA prohibitions on recorded messages remain intact, and the Do Not Call opt out opportunity is still available, but the danger in the Court’s decision is clear. Unwanted calls are such a pervasive problem today that many people do not answer their cell phones unless they know the person calling. The Court’s decision just made the current miserable situation immeasurably worse. As Margot Saunders with the National Consumers Law Center says, the decision will allow telemarketers to “flood our cellphones with even more unwanted robocalls and automated texts.”
The good news is that Senator Markey and Representative Anna Eshoo plan to introduce legislation soon “to amend the TCPA, fix the court’s error, and protect consumers.” If the experience of Do Not Call is any precedent, we can expect rapid passage of such a popular consumer protection measure.
In responding, Congress needs to make it clear that the enforcing agencies have full authority to update the relevant definitions to adapt to changing technology. At one point, perhaps, the Supreme Court could be relied upon to adapt statutes to evolving technology, but it appears to be lost in sterile scholastic debates about the placement of commas rather than an evaluation of real- world technological issues. Congress should lodge the responsibility to update and clarify the application of old rules in light of evolving technology to expert agencies that understand the business realities and the technologies used in the industries they regulate.
There’s another clever fraud tactic to add to your library of security threats. Imagine a call or voice message that appears to come from a trusted source but is really a disguised attempt to compromise your identity, credentials or financial information. More of a social engineering scheme than a vulnerability, “vishing” is a highly effective and targeted form of phishing that uses voice as a means to lure victims into disclosing private information.
A recent data breach at the Ritz in London that evolved into vishing attacks on hotel guests demonstrates how conniving cybercriminals have become in this social engineering scam. The prominence of the Ritz attack, among other high-profile events, indicates that the phishing attack landscape has grown as remote working has taken hold of company environments. At $3000 a night, the Ritz customers fit a certain socio-economic profile; hence, the voice messages were highly targeted and well-choreographed. The attackers went after business clientele for credit card details and information, impersonating the Ritz. According to Digital Trends, one target was convinced by the ruse because the incoming phone number was spoofed to appear as the hotel’s actual number.
Hotels are a perfect target for cyberattacks. Not only are there many vulnerabilities that come with managing hundreds of new customers each day, but hotels have access to a massive amount of customer personal data. In the Ritz case, the vishing attack was so effective because they don’t train customers about what calls to expect regarding their patronage in their normal course of business.
Beyond Email: The Hacker Game Has Changed
Users have gotten reasonably good at spotting scam emails, and popular email systems help detect these efforts’ email items. However, email is not the only game in town. Scammers now exploit social media networks, online file-sharing systems, messaging platforms and applications and phone systems. Compared to email, these channels of opportunity are highly personalized and focused on sharing.
Scammers also leverage sophisticated and ready-to-launch phishing kits, including social, voice, email and enterprise channels. With a bit of time and dedication, an attacker can choose the target(s) of choice, mimicking login portals, official company pages and web pages. The threat condition here is now a scaled, repeatable and convincing operation. Armed with any available ill-gotten or publicly sourced data, the results can be disastrous.
Vishing Exploits Trust
You might recognize the low-level, even common criminal vishing attacks that consist of phony tech support staff, purporting to be from Microsoft or Apple. In other well-known case types, scammers impersonate the Internal Revenue Service (IRS) or the local utility company under the threat of disconnection, severe penalties and, in some cases, jail. Although the label of vishing may be relatively new for most individuals, the tactic is familiar.
At an estimated yearly global loss approaching $50 billion, vishing and the sort of fraud that scammers leverage against the unsuspecting public is unacceptable. When launched against a company, the impact could be devastating in compromising:
- Data integrity
- Privileged and competitive data
- Financial payments
- Account integrity
Riding on the coattails of the first attacks, vishing hackers mount a nefarious second wave perfectly timed to hit victims where it already hurts.
Motivation and Human Opportunity
Phishing, vishing and various other forms of cyberattack continue to be driven by financial motivations. Data is valuable, trust is valuable and a converted target can pay dividends. To those ends, cybercriminals have developed increasingly sophisticated attacks, exploiting vulnerabilities and loopholes in technology, validations even flaws in how html language is exchanged.
Cybercrime threats are here to stay, and the situation appears to be getting worse as we let our guards down due to distractions related to the pandemic. The bottom line is that humans are vulnerable and gullible, and these attacks continue to work.
The Pandemic Effects
As many industries and workers took a hit during the pandemic, cyber threat actors thrived many opportunities following the shift to remote work. The lines between work and home are now blurred in many cases, wherein in some circumstances, corporate devices became personal tools and vice-versa.
Corporate applications now run on home networks. Video and dial-in conferencing are everywhere. A precarious security gap exists between what a company expects is happening in a data stream versus what is actually happening. Video games, shopping, streaming and mobile banking are all attack vectors and opportunities for cybercrime. These circumstances highlight the immediate need for heightened corporate cybersecurity and data protection practices, especially as opportunities to breach across audiences increases.
There is an effort underway, spearheaded by the United States Telecom Association (USTelecom), a nonprofit organization representing U.S.-based telecommunication-related companies, to stop the billions of illegitimate robocalls being made, or to at least put a significant dent in those numbers.
USTelecom counts among its members large and small communications providers, from AT&T T and Verizon VZ to Ironton Telephone and Kalida Telephone Company.
Together, USTelecom and its members have formed the Industry Traceback Group (ITG), which comprises communications companies providing wired, wireless, VoIP, and cable services. Operating under section 222(d)(2) of the Communications Act, which permits “carriers to disclose and/or permit access to customer proprietary network information if suspected fraud, abuse or unlawful use of services exists,” the ITG is a platform for communications companies to “trace and identify the source of illegal robocalls.”
The traceback process begins with a terminating service provider that possesses information about suspicious phone traffic. The call is then traced back through the various communication provider networks until it reaches a nonresponsive communications provider or the originator of the call. This information is shared with federal and state law enforcement agencies.
According to the 2019 USTelecom Progress Report, approximately 110 tracebacks were conducted per month, which translates to robocall campaigns responsible for “tens of millions of calls.”
USTelecom also collaborates with YouMail, which identifies the most prolific robocall campaigns, enabling the ITG to focus its traceback efforts to locate the source.
The effort appears to be working. Alex Quilici, CEO of YouMail, directed me to a recent article in The Wall Street Journal reporting that on March 13 YouMail picked up a surge of calls that mentioned novel coronavirus testing kits.
On March 17 U.S. communications companies traced the calls to a Philippines VoIP provider. ITG notified the provider, which responded within 24 hours that it had cut off services to the customer responsible for the calls.
Moreover, YouMail reports that between March 17 and March 18 the volume of robocalls pitching the testing kits had dropped 75%, and after March 20 they had almost disappeared…
Fighting fraud is often compared to a game of whack-a-mole: Improve security in one area, and criminals will find a new way to breach a company’s defenses in another area. In recent years, for example, the introduction of security chips has greatly reduced the fraudulent use of physical credit cards, but criminals have not responded by throwing up their hands and going home.
Instead, they’re increasingly turning their attention to account takeovers.
Fraudsters sometimes gain access to victims’ bank and e-commerce accounts by cracking weak passwords or using stolen credentials, but more and more attacks are targeting what is emerging as the weak link in many organizations’ security systems: the phone channel.
In a recent study, 51% of the financial services companies we surveyed identified the call center as the vector of choice for account takeover attacks. Jim Hickman, assistant vice president of Financial Crimes Operations at USAA, and Tom Poole, senior vice president for digital payments and identity at Capital One, have also pinpointed the call center as the location where most fraud starts. At the Money 20/20 USA conference in 2018, they agreed that while account takeovers tend to show up in the online channel, the job usually begins by socially engineering call center agents.
Social Engineering And The Rise Of Account Takeovers
Call centers often use knowledge-based authentication — asking callers to prove their identity by supplying personal information such as their account number and mother’s maiden name — to grant access to customer accounts. This process is highly vulnerable to social engineering, which is shorthand for when a scammer manipulates an agent into inappropriately granting access to an account, particularly now that vast troves of consumer data are available for sale on the dark web.
As the VP of technology for a company that works with financial institutions and other enterprises needing to authenticate callers to protect account access, I know this scenario all too well. Armed with personal information purchased on the dark web or gleaned from social media, a criminal can phone an organization’s call center (perhaps using a spoofed number or a virtual call service to disguise the call’s origins) and, posing as a customer, correctly respond to the agent’s identity interrogation to convince him or her to reset the account’s online password or change the associated email address.
Treating Everyone As A Suspect
Because these systems are not foolproof, and they merely flag risks rather than positively confirm a legitimate caller’s identity, organizations end up treating every caller as a suspect while doing little to actually catch fraudsters.
This process asks agents to subject every caller to time-consuming (and often annoying) identity interrogation while spreading the organization’s fraud-detection resources across all incoming calls, even though the vast majority of callers are actual customers. There is a better approach.
When detectives begin investigating a crime, one of their first steps is to confirm alibis and rule out suspects who don’t match the forensic evidence at the scene. If they can rapidly eliminate 80% of the potential suspects, they can concentrate all their resources on the remaining 20%. This same principle applies to separating good and bad actors before they can commit a crime.
If an organization can immediately confirm the majority of callers as legitimate, the call center’s fraud-detection staff and tools can be directed toward assessing the significantly smaller subset of non-authenticated calls, thus dramatically improving fraud-fighting return on investment. Agents receiving non-authenticated calls will be more alert to potential social engineering attempts, and the use of tools to assess inbound call data or caller voices can be much more focused.
But how can call centers confidently focus their fraud-fighting efforts if knowledge-based authentication is ineffective?
The first thing organizations need to do is fight fraud where it starts, not where it ends. They should build systems to accurately track fraud events back to the source. This will very often be the call center and will require an ability to record and replay activity on an account to determine the moment of account takeover.
A second approach is to augment the training of agents. A strong line of defense is an informed call center staff. Employees should be able to recognize the signs of a social engineering attempt, being wary of behaviors like a strong sense of urgency, pressure to make a quick decision or seeking empathy. Agents should be empowered to react to attempts, regularly retrained and apprised of the latest fraudster techniques.
And finally, companies should look into implementing stronger authentication methods. Organizations can choose from a growing range of multifactor authentication solutions using technologies that can verify customers’ identities and route them into a trusted caller flow. For example, an inherence factor (a voiceprint) can be combined with a physical ownership factor (the customer’s smartphone) to create a solution that automatically and accurately authenticates callers before they reach an agent.
September 30, 2019
Given the recent media attention on combating robocalls, we need a reality check: We can’t completely eradicate these “nuisance” calls. But we do have the technology and regulatory framework here in the United States to block the most egregious robocalls that put consumers at risk.
While there’s not a panacea for robocalls, we can take huge strides in shutting down illegal robocalls run by fraudsters who use autodialed, pre-recorded messages to prey on unsuspecting victims to steal money or personal data, or both. Some quick clarity on terminology: If you answer the phone and hear a recording rather than a live person, then it’s a robocall. And if the call is trying to sell you something, then it’s illegal — unless you’ve given written permission to allow it. More information on robocalls from the Federal Trade Commission (FTC) can be found here.
September 14, 2019
A new report highlights how nimble scammers and spammers are in the face efforts to combat robocalls.
Despite new initiatives by the Federal Communications Commission (FCC) and carriers, robocalls aren’t on the wane. Americans are still facing a scourge of 200 million unwanted robocalls a day, according to a report from Transaction Network Services (TNS), a major telecommunications network and services company…
July 12, 2019
The Federal Communications Commission is lauding the progress that phone carriers are making in the fight against unwanted robocalls, but also warning that if they fail to meet a deadline, the agency will move to impose new regulations.
This week the FCC held a summit on combating robocalls, a broadly acknowledged problem that has eroded trust in the phone system and put consumers — particularly the elderly — at risk of falling prey to scammers.
The FCC has alighted on a technical approach to fight the spoofed calls that often show up on your caller ID with your own area code and, often, the same first three numbers as your own phone number. Those calls, by spoofing your own number, aim to trick you into answering what appears to be a legitimate, local call, but in more likelihood originates from an overseas auto-dialing operation. The result, officials have lamented, is that we have become a “nation of call screeners.”
The Federal Communications Commission is pushing the telecom industry to step up attacks on robocallers, which could provide another tool for consumers.
The FCC knows better than anyone how bad the robocall crisis is (FCC Chairman Ajit Pai has called it a “scourge”) simply because of the flood of complaints the agency gets.
Unwanted calls are far and away the biggest consumer complaint to the FCC with over 200,000 complaints each year—around 60 percent of all the complaints we receive.
–“The FCC’s Push to Combat Robocalls & Spoofing,” FCC
Source:https://bit.ly/2voDOFK
Verizon is getting ready to offer a free robocall blocking app at the end of this month, as it steps up efforts to combat the growing plague of spam calls.
Update (Thursday March 28, 2019): here’s the new free app.
In 2019, pretty much everyone is on a robocaller’s speed-dial list. That often means several spam calls per day.
Verizon knows this of course. It already offers a paid blocking app for $2.99 a month. But the new freemium (free + premium) strategy means that in addition to the paid app, there will now be a free* version…
October 29, 2018
Just weeks after the Social Security Administration (SSA) warned about an Office of the Inspector General (OIG) impersonation scheme, the Acting Inspector General of Social Security, Gale Stallworth Stone, is raising an alert about a new scam. This time, the scheme involves thieves who are engaging in caller-ID “spoofing” which echoes a pattern where thieves pretend to be from government agencies, like those scammers who are spoofing calls from the Internal Revenue Service (IRS)…
July 22, 2018
Why can’t the government catch these guys? That was the sentiment echoed in my inbox over and over as those Internal Revenue Service (IRS) impersonation phone scams exploded. It felt painfully slow, but arrests were finally made in the United States and India. This week, many of those scammers were sentenced for their crimes.
Twenty-one members of a massive India-based fraud and money laundering conspiracy faced sentencing hearings this week in Houston, Texas. The defendants had ties to India-based call centers that targeted U.S. residents and cheated thousands out of hundreds of millions of dollars…
July 20, 2018
It may be summer, but the bad guys aren’t taking a vacation. The Acting Inspector General of Social Security, Gale Stallworth Stone, has issued a warning about an ongoing phone scam from thieves pretending to be from the Social Security Administration (SSA).
As part of the con, scammers try to convince you to give up personal information, like Social Security numbers and bank account numbers, over the phone. In another case, a caller claims to be from “SSA headquarters” and asks you to confirm personal information, such as an SSN, “new” Medicare number, address, and date of birth…
June 12, 2018
4.1 billion. That’s the number of robocalls made to American consumers last month, according to the robocall index operated by YouMail, a robocall blocking service.
Managing illegal robocalls has been the FCC’s responsibility since the Telephone Consumer Protection Act (TCPA) was signed in 1991, but a recent court decision means the FCC must reconsider how it defines—and handles—the most annoying phone calls.
In March, the U.S. federal appeals court in D.C. found that the Commission’s definition of autodialer could potentially apply to smartphones, and had to be reworked…
June 11, 2018
Caller ID is an automatic feature offered by every telecommunications carrier to identify a calling party to the recipient. While there are options to block outgoing identification in order not to transmit your phone number if privacy is desired the system also fosters the ability to deceive. Some telephone companies will send only the phone number, and others will also send the subscriber name. Outbound caller ID options are associated with non-toll numbers only. If you blocked your number from appearing on the telephone you are calling, the rules do not apply to toll-free access so if you call an 800 number, for example, regardless whether you block your identity, it will still be displayed because the recipient is actually paying for the call…
March 6, 2018
Be careful out there. That’s the word from the Internal Revenue Service (IRS) as the tax agency reminds taxpayers about continuing aggressive phone scams. Those phone scams are “a major threat to taxpayers” and as such, continued to hold down a top spot on the IRS “Dirty Dozen” list of tax scams for the 2018 filing season.
The Dirty Dozen is compiled annually by the IRS and lists a variety of common scams taxpayers may encounter any time during the year. However, many of these schemes peak during filing season – especially scam phone calls…
April 24, 2017
Taxpayers across the country breathed a sigh of relief after the arrest of Sagar Thakkar, a 24-year-old Indian man accused of running those Internal Revenue Service (IRS) phone scams. Indian police arrested Thakkar earlier this month, claiming he was the mastermind behind the scam where callers posed as IRS agents to collect bogus tax debts. According to the local police, the lack of response from American law enforcement authorities familiar with the investigation has been deafening.
The call centers at the center of the scam investigation were headquartered in Thane, a suburb outside of Mumbai, India. In an interview with Forbes India, Thane Police Commissioner Param Bir Singh discussed Thakkar’s role in the scam, suggesting that he was more of a “greedy youngster than a hardened criminal.” Thakkar, known as “Shaggy,” was said to be making more than 10 million rupees ($155,000) a day, or over a million dollars per week, at the scam’s peak…
February 27, 2017
The “Dirty Dozen” list of Tax Scams for 2017 has been released by the Internal Revenue Service. Inside this list resides some all too common and devastating tax horrors of which to be aware and vigilant. The top 4 most common tax scams are: phishing, phone scams, identity theft and return preparer fraud. Let’s take them one at a time to make sure you have a seamless tax season…
January 4, 2017
Imagine a hacker breaking into someone’s accounts.
If fancy computer skills are part of your mental scenario, rewind the tape in your mind. That’s not how it’s happening nowadays…