Phone scams in the US are on the rise, so here’s how to recognize and fight them

So here’s what you are about to learn about phone scams:

1. What are “phone scams”?
2. Who are scammers targeting?
3. How do you avoid getting scammed?

What types of “phone scams” are there anyway?

What’s a “phone scam” anyway? Well, that’s when a bad actor gets in touch with you over the phone and then tries to get something out of that exchange, without any substantial reason for them to expect that.

As you might know, however, phones have become pretty capable. As such, “getting in touch” can mean a number of things and scammers are prone to using all of them. So, if we have to be technical, then phone scams can be put into three categories:

• Call scams
• SMS scams
• Email scams

Now, I know that some of you may disagree regarding the last bit, so I’d like to raise this reminder: most of us have phones and all phones, regardless if it’s an iPhone 15 or a Galaxy S23, literally come with an email address as a requirement for you to use them.

So, while at first glance it may appear as if the only difference between these three is the means of contact, that’s not actually the case. Because the type of communication defines what tactics the scammer can use against you. Even if they are technically the same tricks, they can look and feel different depending on the means of communication.

And if that’s the case, we can’t really go on without specifying said tricks!

The tools of a scammer’s trade

• Social engineering: the art of convincing people to do things
• Pressure: the key ingredient to get you to act on the convincing part
• Spoofing: a technology used to change the displayed caller ID
• Imposter schemes: scammers pretending to be someone else
• Trusting that you won’t do anything about the scam even if you don’t fall for it

Social engineering is truly awesome. But that’s only from the POV from ethical hackers and social engineers, who use it to raise awareness and educate people. But, unfortunately, bad actors exist too and they can use this tactic in all sorts of ways, like convincing people to download unwanted malware.

For example, over the phone a social engineer will act in a manner which can convince you that they are indeed calling from your carrier’s support center or from your bank, or even from your local hospital.

These people basically act out the part: they mimic the typical tone of voice, they use the expected vocabulary and some of them even fake accents to seem like foreigners in order to get you to trust them, which is their key to getting something from you, like your credit card information or your passwords.

On the other hand, social engineering looks and feels very different in SMS or Email form. In texts, the aim would be to make the message look as close as possible to an actual one that you may get from any service that you use, such as the ones described above.

And in email? Well, scammers can go as far as adding graphics and imitate the templates to convince you that the email that you’ve received is legitimate.

But presentation alone doesn’t get the job done, which is why scammers rely on the other tactics. Pressuring you into doing something is a key moment here: social engineers will always try to make the situation seem urgent and will even go as far as to threaten you with jail time, risk of health or financial status or exclusivity of an offer, like a prize.

By the way, even though this is rare, scammers will sometimes try to trick you into downloading files. And they don’t always need to be dead giveaways such as .EXE or .APK files, which are well known installer files. .PDF or .XLS files can be just as dangerous, so if you see that you’ve received one from an unverified source: don’t download it!

I know that all of this can sound really creepy and kind of disheartening, but I’ve got great news! Even if it may seem like scammers have all they need in order to make a profit from you, here’s the truth: you’ve got all it takes to put a stop to it too!

Who are scammers targeting and why?

As you might’ve come to understand from the last section: social engineers and scammers in general are pretty smart. But they are also creatures of habit, which can help us identify and combat them.

But before we can do that, we need to understand who they are targeting and why. And that part is actually pretty straightforward. Here are the prime targets for scammers:

• Members of organizations
• The elderly
• Victims of massive data leaks

The first one is a wide group: it’s everyone that’s part of a company or any sort of organization, ranging from a book club to an online forum. Why? Well, because if a hacker “cracks” open the right server, all of the delicious, juicy user data like emails and phone numbers are just sitting there. And you already know what social engineers do with that.

It really makes me sad to see the elderly still being a target group for these bad actors, because my own grandparents have been victims of scam attacks, where their love for me specifically was the key for the fraudsters almost getting a profit. And isn’t this the perfect example of why they are targets? Lack of experience with rising technology, combined with a kind heart is just what a scammer is looking for in a target.

Lastly: victims of massive data leaks. And while we hear about bigger instances of such, let’s not forget: a lot of us are taking part in lesser-known services too. And those don’t get as much time in the spotlight. So if you know that you are a part of something like this, then if you start getting spammed, you should definitely check with every service that fits the description.

We’ve got a lot of readers, so we decided to run a survey and actually ask you guys if you’ve ever gotten scammed. Out of 436 responders, over half reported that scammers had attempted to take advantage of them.

PhoneArena has been visited by almost half a million US citizens aged 45 and up in the last month alone. Given the case, you can probably see what got us inspired to write this one.

So let’s get down to the meat of it all!

Now that we know the enemy, how do we defeat it?

Well, phone scams aren’t exactly the type of enemy you “defeat”. But you can still come out the victor, so long as you learn how to avoid them. At this point, you’ve gotten to know what scammers and social engineers are aiming, so if you recognize it, here’s what to do:

1. Don’t trust Caller ID
2. Hang up or ignore the SMS/Email
3. Don’t act upon any suspicious request
4. Verify if it was legitimate or not through a second line of communication
5. If it was not legitimate: block the sender’s number or email address
6. Report the attempt to any authority that has a process to receive such reports

So! Pretty simple overall, but we’ve got to talk about the most essential parts of the workflow, namely:

• Double-checking for legitimacy
• Reporting a verified scam attempt

But how can you double check if something is actually real or not? Glad you asked:

How to check online if you are being scammed?

This one is as easy as copying the inbound phone number or email address and doing a quick Google search with it. In most cases, if it’s associated with heavy scam-related activities, it will come right up, indicated as such.

If it doesn’t, it may be a legitimate means of contact. BUT! Spoofing is still a thing. And, unfortunately, for some companies that means that scammers are able to make an email appear as if sent through an authentic company email address. Since that is the case, I recommend doing the next step too.

How to use a second communications line to verify if something is a scam?

To me, this is your best line of defense against malicious actors.

Are they calling you to ask for money to get medical help from someone you know? Ask that person if they are actually sick. Are they calling to tell you that your savings account is under threat? Check with your bank and verify if that is actually the case.

Better yet, your best course of action here is to do this through a different means of communication. If the supposed scammer has called you over the phone, pretending to be your bank, then use online chat to get in touch with the bank and ask if that’s actually the case. This will eliminate the possibility of a given type of communication being compromised.

This also works best when someone is calling you, pretending to be a loved one. If that’s the case: just text that person while the scammer is on the line. If the legitimate person responds with confusion, then you know it’s a scam for sure!

How to report a real scam attempt to the respective authorities?

Here’s the deal: scammers are relying on the fact that you won’t report them. That’s mostly because they know that most people don’t know that they can even do that. But you can, to a rather large number of authorities.