ECJ EUROPEAN Cleaning Journal

Telecom scams are a growing threat to businesses, with criminals deploying ever more sneaky tools and tactics. Hartley Milner looks at some tricks of the fraudster’s furtive trade and how to avoid falling victim to them.

The cold-caller’s patter went something like this… “Am I speaking to Mr Miller?” “Well, it’s Milner actually, but go on.”

“This is Microsoft technical support here. Our data banks have identified validation issues with your internet account that need immediate investigation.

“Unless these are resolved promptly, you will start to notice reduced performance of your internet and email services, culminating in the loss of your connection altogether.”

Not a welcome prospect for the owner of a small communications business heavily reliant on staying online.

“Oh, right, so what do I need to do now?” I responded, already smelling a fat rat but intrigued to know where this clearly carefully crafted script was going.

“There is no cause for concern. We are here to help. We just require temporary access to your computer to remedy the problem. There is no charge for this service.”

I was told to follow a link to a website where I should download software allowing remote access to my PC – and therefore I deduced free range over all the folders and files thereon.

“Do it now,” I was commanded. “No thanks,” I said and hung up. Six months on and I am pleased to report I am still a fully functioning member of the online community.

A quick call to my telecoms provider had anyway confirmed this was a known ruse by scammers to either pilfer data from my computer on the spot or later. My provider stressed it would only ask to remotely access my machine during a live troubleshooting session I had requested. Microsoft gave a similar assurance.

But what if I had been taken in by the fraudster’s spiel, as millions of people are each year?
“Had you unwisely clicked on that link, one of a number of nasty things would have happened,” said Jack Wraith, chief executive of the Telecommunications UK Fraud Forum (TUFF). “It may well have downloaded a piece of malicious malware such as a trojan, some sort of keylogger or an application which would make your machine look as though it had been taken over by a virus and was locked.

“In the latter instance there would be details on the website you were directed to on how to have it unlocked. The catch is you will first have to transfer a sum of money from A to B. Even after you have followed this process you cannot be sure your computer is safe. Something unpleasant may still be lurking on it, enabling it to be attacked again at a later date.”

In a variation of the disconnection con, someone posing as a phone company representative makes contact saying your account is in arrears or your line needs a digital upgrade. You’re then tricked into believing you have temporarily been cut off, leading you to think the call is genuine.

In reality, the bluffer stays on the line with the mute button on, meaning you are unable to make any calls. Now you are asked for your bank details to pay for work that is not needed.

Email scammers can be every bit as artful. The fraudulent message may be disguised as an official request for information and include a link to a fake website that appears almost identical to the official one, complete with logos, images and navigation menus.

Once at the lookalike site, the user may be presented with a web form requesting information such as their credit card and banking details, home address and phone number. You may even be asked to login with your username and password.

Or the email may have an information request form attached to it. But beware! Simply opening the attachment may install a trojan on your PC that will steal your data.

“What the internet has done is open a Pandora’s Box in terms of criminals who very quickly jump onto what is current and use it to defraud the public,” said Wraith. “They are aware that the average person – particularly the older generation – is not necessarily technically sound.

“There is the fear element as well. People worry about how the caller got their phone number. Of course, all they do is randomly dial blocks of numbers and if someone answers they go through their script. This is a form of social engineering. They engineer information from their victim without them even knowing it. They will get your name and other information about you and then may go away or you hang up on them.

“A couple of days later someone else from the same gang calls, claiming to represent an official organisation such as your utilities company. But now they have your basic information. You get a sense you are known to them and this builds trust. Then during the course of the conversation they may extract your address, credit card and bank details etc and you are hooked.”

Phishing (fishing for information by phone or email) relies on a degree of naivety on the part of the victim, but tech-savvy cybercriminals mount far more covert operations, as a small UK retail business discovered to its cost.

Staff at Rimmers Music only became aware they had come under attack after receiving a shock demand for an extra 7,000 euros in phone charges.

Company secretary Kathy Tate said: “Our phone bill is normally between 8,200 and 9,400 euros a month, so you can imagine our dismay. Apparently, these people accessed the voicemail function of our telephone system when no one was in the office and then made premium rate calls to an island in the Pacific.

“Our telephone provider said the hackers had dialled in and then fiddled with the voicemail PIN number. We have taken measures to stop this happening again, but there is apparently no guarantee we will not be targeted in the future.

“It’s very distressing because we had to pay the bulk of the bill or risk having our phones cut off and that would be disastrous for a small business like ours. We had no redress through our insurers and the police said there would be little likelihood of catching anyone for the crime, so they wouldn’t be investigating it.”

Criminals also trawl the net with modems to detect the known signals given out when businesses have their own telephone exchange. If the exchange is on a default setting, hackers can figure out how to dial into it as an engineer would to carry out remote maintenance work.

TUFF’s Jack Wraith said these high-tech tricksters take out phone numbers in parts of the world with less well-regulated telecom services. After hacking into a telephone system, they make premium rate calls to these centres where someone simply picks up the phone and then hangs up.

“For every call made, the owner of the number will get a revenue of around six euros, or considerably more if the line is kept open,” said Wraith. “What they do then is put on a recording, often of a ringtone so anyone who happens to call the target building thinks their call is still ringing out.

“These fraudulent calls are difficult to detect. The problem for telecom providers is that on the network they look like normal traffic. And the current international payment system for calls almost encourages this type of fraud.”

But you are just as likely to be scammed on your mobile phone, however smart you may think it is. You notice a missed call from a number you do not recognise but dial it back, only to be redirected to a premium rate service. Or you reply to a text worded as if from someone you know, even though the sender’s number is unfamiliar. And smart phones and portable tablet computers are increasingly hacked because of the vast amount of data they can now hold.

Around a million people fall victim to online fraud each day. Telecom scams contribute to a global cybercrime economy worth an estimated tip-of-the-iceberg 342 billion euros a year to the Asian and Russian Mafia gangs who largely control it.

To avoid being scammed, remember:
• Mistrust all cold-calls and unsolicited emails
• Never click on a web link from an unknown caller or email source
• Never give out sensitive information over the phone to someone you had not contacted in the first place or who is not known to you
• Scrutinise emails for poor spelling and grammar and errors in any website address given 
• Always go to an official website
• Critically, install anti-malware software on your PC, ensuring it comes from a legitimate source.

“The authorities cannot prevent cybercrime by technology alone,” said Wraith. “We need the public to do what they can to protect themselves. And raising awareness of the issues is probably the most effective step we can take to counter this menace.”