Hello Readers, it's been a while. I picked up some topics recently, so I'm jumping into this one directly as it's hot and the idea might be new.
Gist: Just after the iPhone 15 launch I got a scam call. Initially, they offered me a SIM contract-based iPhone, later asked for my DOB for confirmation, and then asked for bank details to set up auto debit for the iPhone on a monthly basis.
This happens to many users: some recognise it as a scam call, and some ignore it and hang up.
But as a cybersecurity engineer, I was a little curious and wanted to know the vulnerable points (PII – personally identifiable information) of the communication and also how scammers are getting smarter day by day at fooling people.
A new way to stop scams: The whole idea follows the flow of the scam call.
- A Level 1 scammer calls you and offers you an iPhone.
- You will be asked to select a model and color.
- Later they will ask for your address (PII).
- Then comes some random misleading info like “you will have a contract of 35 Pounds per month... so and so... and when do you want it delivered” to give the call a genuine feel.
- If the scam target (the customer) reaches this point, it is almost certain that they will lose money, as the next question will be “Please confirm your DOB for delivery confirmation”. This is another piece of PII. Here readers must understand that your DOB is mostly enough to scam banks and other places that use it to confirm your identity.
- Now the Level 1 scammer has finished his job, and the call will be transferred to another scammer, supposedly for final setup. This break is another point used to fool targets and give a feel of genuineness. It also signals a grade of confirmation to the scammer: “Target Secure… Continue to Main scam”.
- Now the Level 2 scammer speaks in an accent more relevant to the local place (UK) and repeats all the info that you gave to the Level 1 scammer. Note: the call transfer took less than 15 seconds and the Level 2 scammer has all the info that you gave to the Level 1 scammer, which is almost like it is scripted.
- Main Scam: Now the Level 2 scammer asks for your sort code (the equivalent of IFSC in India) and account number to set up Auto Debit. Giving out these details is what finally leads the target to lose money.
A new way: In my case, in step 8 with the Level 2 scammer, I knew that he would confirm my details using a real-time online application which gives details of the provided sort code and account number. As I knew this was a scam, I gave them the wrong sort code (which they thought was genuine) and they continued to ask for the account number (again, jumbled wrong numbers). All this time I could hear them typing these…
The scammer said the info was wrong: Ah! Something definitely technical here, and fast enough to say the details were wrong in less than 5 seconds! The scammer asked again and again for the details, and I gave them the wrong ones three times to confirm their typing and verification method.
A new way to catch scammers: As you already know, the scammer used data to confirm that the details were wrong. Now things get technical here. Try sharing this article so that this method reaches various banks and they can implement the following.
Note: This is a simple (old) way, but the target giving wrong account info, combined with this implementation, can make the difference in catching scammers and helping people protect their money.
Step 1: Create a script which takes the entered text and validates it, together with the details of the account from which the app (the scammer's bank app) was used to enter the target's bank details.
Step 2: Also set a limit in the bank app on attempts with wrong account details (which can freeze the app, limit login to the app, or apply any other measure to stop the scammer's account from being active).
Step 3: This might also create some false positives (depending on the implementation), but at this point the bank knows who is the scammer and who is the target, and can implement any other method to stop this scam.
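One way a bank could implement Steps 1 to 3, shown as an added example that is not from the original article or any bank's system. The class and function names, the limit of three distinct wrong entries, the ten-minute window and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
MAX_FAILED = 3        # assumed limit for Step 2; the article gives no number
WINDOW_SECONDS = 600  # assumed look-back window

class PayeeCheckMonitor:
    """Bank-side tracker of failed payee lookups per source account (names hypothetical)."""

    def __init__(self, known_accounts, max_failed=MAX_FAILED, window=WINDOW_SECONDS):
        self.known = set(known_accounts)    # stand-in for the bank's real account lookup
        self.max_failed = max_failed
        self.window = window
        self.failures = defaultdict(deque)  # source account -> (timestamp, details) pairs
        self.frozen = set()
        self.alerts = []                    # queue for manual fraud review (Step 3)

    def check(self, source, sort_code, account_no, ts):
        """Step 1: validate the entered details and record which account entered them."""
        if source in self.frozen:
            return "frozen"
        details = (sort_code, account_no)
        if details in self.known:
            return "valid"
        q = self.failures[source]
        q.append((ts, details))
        while q and ts - q[0][0] > self.window:
            q.popleft()                     # forget failures older than the window
        # Count distinct wrong details so one retyped typo is not counted repeatedly.
        distinct = len({d for _, d in q})
        if distinct >= self.max_failed:
            self.frozen.add(source)         # Step 2: stop further lookups from this account
            self.alerts.append({"source": source, "distinct_failed": distinct, "at": ts})
            return "frozen"
        return "invalid"

def run_sample():
    """Replay constructed events: (source account, sort code, account number, seconds)."""
    mon = PayeeCheckMonitor(known_accounts={("11-22-33", "12345678")})
    events = [
        ("SRC-A", "11-22-33", "12345679", 0),    # genuine customer, one typo
        ("SRC-A", "11-22-33", "12345678", 20),   # corrected on the second try
        ("SRC-B", "99-88-77", "00011122", 100),  # made-up details read out by the target
        ("SRC-B", "99-88-76", "22011100", 130),
        ("SRC-B", "98-87-76", "10203040", 160),  # third distinct wrong entry: frozen
        ("SRC-B", "11-22-33", "12345678", 200),  # refused even though the details exist
    ]
    return [mon.check(*e) for e in events], mon

if __name__ == "__main__":
    print(run_sample()[0])
```

Counting distinct wrong entries rather than raw failures is one way to keep the false positives mentioned in Step 3 down, since a customer resubmitting the same typo does not move toward the limit.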
That's all. For future content like this, keep visiting PR Tech News.