By Fergal Parkinson, TMT Analysis
Picture the scene: the bustling entrance and reception area of a large company in London.
A man approaches the front desk, gives his name and company details, saying he has an appointment and offering the name of the person he’s due to see. The receptionist takes his details and then starts scrolling the system to see if there’s a record of the meeting being booked and to find his invitee to alert them he’s arrived. But there’s a problem: not only is there no record of the meeting on the system, there is no record of the person he’s apparently meant to be meeting even working in the building.
She explains this and he looks confused. He starts checking his own phone. “Let me just call my office,” he says, punches a number and holds his phone to his ear. But his phone’s got no reception, he says. “Could I possibly use your phone quickly?”
Ordinarily she’d probably say no. But this chap isn’t just some motorcycle courier – he’s smart and seems genuine. She asks him to read out the number, dials it and hands him the phone across the desk.
Over the next few minutes, she’s half aware of him trying to get through to a colleague for guidance – she hears him ask for a name and sees him indicate with his face that he’s waiting. But she’s distracted herself by other people coming and going, demanding her attention, and by the time she turns back to him to give him the clear impression she really needs the phone back now, almost ten minutes have elapsed.
He explains he can’t get through to the right person to sort out the mistake. So he thanks her for her help and patience, saying he’ll need to get back to his own office to sort out this mess, and leaves.
She gets on with the rest of a normal day. And there’s nothing noteworthy about all this for another few weeks – until someone from accounts contacts her to ask about that call: because their itemised telephone bill has just landed.
And it shows that this short call cost them just shy of £1,000.
It later emerges that a man of this description has run the same scam at over a dozen other businesses across town in the same week.
It may well be apocryphal – I’ve heard it in two or three versions with small variations which suggests that possibility. But true or not, I think it illustrates an important point rather well: it’s reckless and naive to ever ring a number back – or let someone use your phone to do so – unless you’re sure of the provenance of the number being rung.
The story describes a new generation version of what’s known as a ‘call back scam’ – a con in which the victim is encouraged by fraudulent means to call a number from their own phone only to find later that the number they have dialled goes on to charge them at super premium rates.
These scams have been around for almost as long as there’s been a mobile phone market. The classic example was the missed call from an ordinary looking mobile that you return at your peril. Or being tricked into ringing what you think is a legitimate company that you are involved with and being put on hold – at a frighteningly expensive rate.
But as people have wised up to these, the ways fraudsters induce people to place their bogus calls have become more lateral, more varied, more leftfield, to the point that they can now apparently even use real-life actors.
And they’ve also varied their targets.
In the same way that most people are now well used to the idea that they must never reveal PIN numbers or passwords, most members of the public are fairly well trained around callback scams. They’ve been targeted for two decades so they’re pretty hard to con.
But, perhaps perversely, businesses are a newer target for these scams and that may well be because they’re easier to con than the public. Like the receptionist in this story, they’re not looking out for a con and are too busy with other tasks to notice any warning signs.
I heard recently of one tech company which fell victim to a string of these attacks and ended up losing tens of thousands in a few days.
It seems to be a relatively new and rapidly growing issue for businesses.
The answer of course is simply never to ring a number unless you’ve checked its credentials.
A number can present as being completely normal – set out in that five-three-three digit format beginning ‘07…’ and even be answered as if it is too – but still be ringing up one of these horrifying bills in minutes.
We at TMT Analysis – and other telecom security specialists too, to be fair – can run checks on any number for a negligible cost and, in a matter of microseconds, flag any concerns about its provenance, its use and, crucially, anything alarming about its charging structure.
Your team should never call a number without this. Because no matter how plausible that smart man at the reception desk may seem, that is no guarantee his number is legit.
For more information on our TeleShield product drop us a line at email@example.com