The phone rings, and it’s your son in trouble, needing money. Your bank calls to say your online account has been hacked, and you need to change your password quickly. A text from your spouse comes through: They’ve lost their wallet on a trip, can you help?
Phone scams like these have been around for years but have become more targeted as people share information more freely online. And as technology like voice cloning improves, emotion-driven scams seeking to wheedle cash out of unsuspecting victims, such as the one that nearly befell a Marin County family, have only gotten more convincing.
How can people harden their defenses against increasingly common phone scams? Here are top suggestions from security experts.
Privacy settings
The first, and possibly simplest, step people can take to protect themselves against scams is to strengthen their social media privacy settings, said Abhishek Karnik, director of threat research and response at digital security firm McAfee.
That is because scammers can easily use recent social media posts to track a target’s location, such as a Hawaiian vacation or a trip to Las Vegas, to make their attacks more convincing.
“If a family member in Las Vegas is posting on social media, (scammers) could clone their voice to say… ‘I’m in Vegas, I lost my wallet, this guy is helping me out, send him the money,'” one relatively common scam, Karnik said.
Setting a personal Instagram account to private, or only allowing approved Facebook friends to view posts, makes it harder for scammers to scout potential targets, he added.
It is also possible to block unwanted calls and to filter out unwanted text messages, according to the US Federal Trade Commission.
The problem has become significant enough that federal agencies have begun to pressure telecom providers for failing to filter out spam and scam calls. Last week, a group of attorneys general including California’s Rob Bonta joined a call for federal regulators to rein in robocalls and artificial intelligence-generated scams.
“You have to be very cautious about what you are posting on social media,” Karnick said. “Your job is to make it more complicated” for scammers to find out about your life, he added.
Asking questions
If a scam call does come through, a simple strategy is to start asking questions, Karnick said.
“In general, if a scammer calls you, he’s cultivated or gathered some information about you,” he said. But pressing for specifics, such as asking the caller to verify the last four digits of an account number if she is claiming to be a bank representative, is a simple way to foil a scheme, he said.
In the same vein, some people have set up question and answer code words ahead of time with loved ones to proactively shut down potential attempts to impersonate a family member.
San Francisco resident Jennifer Hope said that after she read the Chronicle’s story about the Marin County family’s harrowing phone scam ordeal, she and her daughter and other family members set up code words that only they would know should a fraudster come calling.
“We’ve read about deepfakes and the manipulation of video and images to produce things that are wholly fabricated,” Hope said. “But not a specific scam using someone else’s voice,” she added, referring to the Marin family’s story. “I had not thought about that.”
Karnick said that step can be useful in certain settings. “Especially when you are talking about money matters or a situation you want to be extremely private about.” He also advised talking ahead of time to elderly family members – who are often targeted by phone scams, so they are aware of these kinds of capers – can go a long way.
The FBI cautioned in November that one common “grandparent scam” of impersonating grandchildren asking for money resulted in nearly US$2mil (RM9.46mil) in victim losses in the first nine months of last year in the United States.
Calling back
Perhaps the simplest way to defeat a scam call is to hang up and call back – and not just when it comes to scams using voice-mimicking technology.
“In most cases, your bank or your financial institution will never call you and ask for personal information over the phone,” Karnick said. Scammers often try to convey a sense of urgency, asking for an immediate money transfer. Or, as in the case of the family in Marin, demanding “bail” money to release a family member from jail.
Scammers will at times specifically instruct people not to hang up, according to the FTC, to discourage the use of the callback method. It is also common for criminals to pressure potential victims to pay immediately and with a specific method, like a gift card or wire transfer, according to the agency. “Anyone who pressures you to pay or give them your personal information is a scammer,” the agency says on its site.
“They’re playing with your sentiments,” Karnick said, adding that fraudsters carefully craft a sense of fear and panic to cloud a victim’s normal judgment “at the time you might not be thinking straight.”
A phone scam might also involve the perpetrator threatening to arrest, sue or otherwise or deport their victim, according to the FTC.
In the case of the Trapp family in Marin, calling their son, who picked up and was fine, stopped the scam cold just in time. – San Francisco Chronicle/Tribune News Service