The "Mystery Number" Scam
The people who read our site are a pretty savvy lot. You know not to accept checks from distant princes. You can spot a phisher from a mile away. But here’s one that might be new for you: scammers are now trying to exploit your “missed call” screen.
The scam, simplified: They call you, but immediately hang up. You see a missed call. You call back. They charge you for the call, and for each minute they can keep you on the line.
According to the Better Business Bureau and the U.S. Federal Communications Commission, this so-called “One Ring” scam is on the rise.
Like many a ruse, this one relies on hitting many, many potential targets at once. The scammer sets up a computer to call thousands of numbers per hour – because for every 99 people who follow their gut and don’t call weird numbers, there’s one who will. Maybe they’re waiting for response on a job interview, and don’t know what number it’ll come from. Maybe they’re hoping it’s that girl from the bar last night. Maybe the number just looks kind of familiar. It’s all about making mass sweeps and finding the exceptions.
The trick? They only let the call ring once before it automatically hangs up. One ring is enough for the number to show up on your missed call screen, but just short enough that you’re not likely to answer it in time (which keeps the call from fully connecting and thus keeps the scammer from having to front for any long distance fees.)
The U.S. Federal Trade Commission, which works to prevent fraudulent, deceptive, and unfair business practices in the USA, requires the caller to explicitly agree to charges on U.S. premium numbers. The number these particular scammers are dialing from generally uses the +1 country code (the U.S., Canada, and almost all of the Caribbean nations from the Bahamas to Jamaica), and thus looks a whole lot like a U.S. number, lulling Americans into a false sense of security. The fact is, however, these calls are not generated from the U.S., and the FTC has no jurisdiction on international numbers.
We’ve seen tricks like this before, using many of the same basic concepts – the sneaky international number, the hook to get you to call it back. A few years ago, a common scam technique was to text someone saying “Your [insert relative here] is hurt, and you are the emergency contact! Call [sneaky international number here] for more information.”
But this is the first time we’ve seen them boil it down to a simple missed call. It plays on the ubiquity of smartphones, where no one really calls each other anymore. If someone is calling, it’s probably important, right? Better call ’em back, right?
While reports on scams like this tend to warn you that you’ll be charged a zillion dollars per second, that’s usually not the case, in reality. Carriers will often void the charges if they/you catch them, so the scammer’s goal is often to keep anyone from noticing the charge. They’ll charge you a few bucks to establish the call, then a few bucks for each minute they keep you on hold/on the line.
But even if they charge you nothing, there are other reasons you should not call them back.
Once you’ve called, they know there’s a human on the other end of that number. It’s like hitting “unsubscribe” on a mass email – if the sender is a good guy, you’re unsubscribed. If it’s a spammer, you’ve just verified that its a legit inbox and have been signed up to a million more mailing lists.
Once a scammer has a caller on the line, it’s an opportunity to phish. If a person is open to dialing a mystery number, why not see if they’ll believe you work for their bank and need their credentials?
Avoid Getting Scammed
If you don’t recognize a number, don’t call back. If you really want to call back, Google the number first. Check the area code to make sure it’s not long-distance. Make sure you check the full number too; in many cases, you’ll find a page full of results saying “Do not call! It’s a scam!”
Some of the commonly used area codes to watch out for are 876, 809, 649 and 284.
If you’re an Android fan, try to get on a device running Android 4.4 (KitKat). It has a built-in number identification system that works quite well at identifying legitimate, non-scammy phone numbers as being safe to call.
Check your phone bill for sketchy charges. Your carrier knows aaaall about scams like this, and will generally reverse the charge if you complain.
Greg Kumparak is the Mobile Editor at Techcrunch.
© FrontLine Security 2014