Caller ID Scams on the Rise
Fraudulent calls threaten your money and your identity
Fraudulent phone calls from "your bank" warning of a problem with your account have been occuring for years. But recently, these caller ID cons have exploded — and been tweaked to appear more convincing in efforts to steal your money and identity.
In the last six months of 2011, scammers made more than 1 million of these calls, according to phone-fraud watchdog Pindrop Security. Their frequency increased each month, with a 52 percent spike between July and December. In the con world, they're known as "vishing" calls — short for voice "phishing." Phishing refers to any of a wide collection of ruses that try to trick you into disclosing personal information.
You may have gotten one of these calls. You pick up the phone to hear an automated message or sometimes a person claiming that your bank or debit card account has been frozen or somehow compromised. Your caller ID screen reassuringly displays the name and number of your bank.
You're asked to either dial a callback number or to immediately provide account numbers, PINs or other sensitive information. Sometimes the come-on arrives as a text message.
With your information in hand, the scammers may then use another phone line to call the financial institution. This time, its caller ID screen displays your name and phone number, which makes the employee who answers more likely to fall for fraudulent requests to transfer cash or otherwise deprive you of your money.
It's caller ID "spoofing" — the bad guys use special technology to put whatever name and number they want on the screen of the person who's receiving the call. Spoofing software has long been available online for free or for as little as $5 per 25 minutes of calling time. It's legal, but the federal Truth in Calling Act, signed into law in December 2010, makes it illegal to use the technology "for the purposes of defrauding or otherwise causing harm."
Increasingly, say Pindrop and other security firms, scammers are using Internet-based phone services, which may allow callers to choose their area code and even the prefix number that shows on caller ID — no matter where they actually are.
In the past, scammers commonly spoofed the toll-free 800 numbers of national banks. Now, they're using better bait: more familiar and believable local area codes and phone numbers, which help them masquerade themselves as the branch around the corner.
The Pindrop report estimates that the typical scammer uses 200 numbers, depending on who is being called. One gang employed more than 3,000. Spoofed banks included 30 of the nation's 50 largest, and each of the top five.
The five busiest vishing waters were New York; Washington, D.C.; Phoenix; Portland, Ore.; and Seattle. The next five were Los Angeles, Atlanta, Chicago, Houston and Kent, Wash., a Seattle suburb.
But no matter where you live, be aware that you can't rely on your caller ID. And if your bank is really calling you, it will already have your account and PIN numbers. So provide no info to callers and don't reply to text messages. If you're told there's a problem with your account, look up the bank's number yourself and call to verify.
If you already fell for this ruse, immediately notify your bank to change your account numbers. Within the next two to six weeks, check your credit report for free at Annualcreditreport.com to determine if fraudulent accounts have been opened in your name.
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.
Also of interest: "Vishing" for your bank info.