Originally published at: Watch a scammer use AI voice mimicking and phone number spoofing to con their target | Boing Boing
…
My mother has proven herself susceptible to scammers, so this. As I noted in an earlier comment, we now have a family code phrase to go along with any urgent request for money or sensitive information. If the caller doesn’t work it into the conversation, nothing is to be given out.
Next family get-together, discuss/assemble a list (possibly a formal list) of “idle” questions to ask an apparent relative in distress as a means of improving the chances that the caller is who they say they are (ey, it’s a family activity which beats “Wait… who the hell did you vote for!?”). One favorite is variations on “Your sister and I were discussing that pet hamster you owned, what was its name again?” …bonus points if the target didn’t have either a hamster or a sister.
Queen to queen’s level 3.
Why is phone spoofing even allowed? Is there even a legitimate use for it? Phone companies could probably wipe out a good proportion of fraud by disabling this, but they won’t cuz they must be profiting from it.
A good idea, but I suspect the majority of these attacks are happening in business settings, like they did in the example above. And if I don’t know whether my boss has a sister or a hamster that won’t work. Maybe such passphrases really need to be coordinated in the office. Maybe we should all carry one time pads with us at all times.
It was a cheap work-around for some technical problems with private branch exchanges for companies. (I forget the details.) It probably dates back to when it was practically all Bell equipment.
It should have been shitcanned decades ago, when a PBX could be a card in a PC, but that would cost money.
If @bluehenbear means Caller ID, yes, it’s quite easily spoofed. Owners of PBX systems who are given a block of phone numbers are generally asked to use the honor system to have their PBX list on the caller ID text who they are. Been that way ever since it was introduced. For example, all of our outbound numbers at [RedactedCo] show their caller ID as [RedactedCo] and, depending on what the dialing extension internally is, either shows a DID number (Direct Inward Dialing) or the number for the main PBX line. That’s a legitimate use for it, at least.
And phone companies are profiting from it - they probably have the means to disallow custom caller ID numbers, but either don’t care, or haven’t been slapped with enough fines / rule enforcement actions from the various regulators globally to actually implement it.
And it gets even more complicated when you mix in VoIP calls, because then your call can originate from a boiler room in, say, India, filled with scammers but have a caller ID of a phone number in the same area code as yours.
Easier than setting up code words and such is to simply say: “I’ll call you back in a couple minutes,”
Unless the hacker has also cloned your friend’s SIM card, in which case your call will go right back to the hacker.
On landlines, beware of the delayed disconnect scam. Definitely wait a few minutes, and maybe call some other number first. “Thanks for calling back grandma.” “Really? Because I just called Rogers Cable.”