How much can a phone scam artist know from my phone number?

[SecondCor521]

Hi all,

Like everyone, I get scam phone calls all the time.

My current solution is low-tech whitelisting. If my phone rings and it says "John" or "Dad", then I'll answer. If it rings and has a phone number, then I don't answer. If it's someone who actually knows me, they can leave a message and I'll call them back.

Problem with this is that I still get the #$*# calls.

I'm considering answering the phone and just wasting their time.

Questions:

1. Is this more or less likely to result in fewer scam phone calls over time?

2. Assuming my number is unlisted, can the scammer figure out anything about me if they know the number they've dialed? I think they can probably figure out my carrier, and maybe the general area of the state I live in, but they couldn't get my address or name, could they?

 

[Mr. Tightwad]

They sure can figure stuff out. Theres something called "white pages reverse phone # look up". There's also apps that can be purchased to tell you everything you want to know when you put in a phone number. I believe one is called "transparency" or something like that. I've seen it done. Name and address for sure, I don't know what else.

Once you get name and address, you then just keep digging for more info. Zillow for instance would give up all your housing information- what year you purchased, how much, etc.

I use fake names everywhere I can to reduce these problems.

 

[Aerides]

Just look into a spam/robocall blocker for your phone. Google FI is very good at it. Att has an app, and verizon has announced one coming this month.

I'm not sure they can glean much more info than they already have by answering, other than "this person answers!" - which is probably not a good way at getting calls reduced.

 

[target2019]

The longer you talk, the more likely it is that you spill a piece of information they can leverage against you. I ignore every call unless they're in my address book.

 

[MichaelB]

I don’t think answering the phone increases your risk or exposure. Much of our data, such as address and phone number, is already public information. Engaging with them on the phone, however, is pointless. Once or twice I’ve tried that and concluded I’m only wasting my time.

 

[JoeWras]

My mom and sister used to keep a whistle next to the phone and use it against obscene phone callers (remember that?). I wonder if that is of any use against scammers.

Probably not.

 

[Nemo2]

My mom and sister used to keep a whistle next to the phone and use it against obscene phone callers (remember that?). I wonder if that is of any use against scammers.

Probably not.

Problem is, if you piss one of them off by shattering their eardrum....be prepared for reciprocity.

 

[JoeWras]

Problem is, if you piss one of them off by shattering their eardrum....be prepared for reciprocity.

Yeah. Just don't answer is still the best.

 

[iloveyoga]

I only answer if I know for sure who it is.

 

[erkevin]

They sure can figure stuff out. Theres something called "white pages reverse phone # look up". There's also apps that can be purchased to tell you everything you want to know when you put in a phone number. I believe one is called "transparency" or something like that. I've seen it done. Name and address for sure, I don't know what else.

Once you get name and address, you then just keep digging for more info. Zillow for instance would give up all your housing information- what year you purchased, how much, etc.

I use fake names everywhere I can to reduce these problems.

Except most of the time, scammers are spoofing

 

[Rianne]

There's a thing called "spoofing." AT&T gave us a new # at no charge when that happened. Their security dept. explained a bunch of techniques scammers use. Here's a couple that stood out, at least I could understand.


-Spoofing. When the ID that shows up on the call is yours/with your name. So it looked like I was calling myself. My question to security, is that a person or electronic? It's a person. Do not answer, do not talk.
-Scammers record your voice. Better to have that annoying AI voice that just states your number. Person calling you knows it's your number and will leave a message.
-Again, do not say "Hello" "Yes" "Who's calling?" "Please stop calling" and rant and threaten. These voice variations are what they use for other things. For instance, voice security instead of passwords.
-If you're near your phone and you see a scam call coming through, answer then hang up quickly. Like in a second, green button then red button. There a security methods your carrier has that help.

 

[Jerry1]

Our phone is through the cable company, Spectrum. The provide nomorobo and some other tools. If yours has them, use them. It’s helped a lot. Then, either let the phone go to voice mail or just pick up and hang up. DW would sometimes pick up, say nothing and wait to see if they talked. I guess nothing wrong with that, but don’t engage. Who knows what they are capable of. I think not much. I mean it seems like they are basically a call center searching for suckers. I don’t imagine they engage in retaliatory behavior but there’s no reason to test that.

Search YouTube for videos of people messing with scammers and get your fix that way.

 

[scrabbler1]

There's a thing called "spoofing." AT&T gave us a new # at no charge when that happened. Their security dept. explained a bunch of techniques scammers use. Here's a couple that stood out, at least I could understand.


-Spoofing. When the ID that shows up on the call is yours/with your name. So it looked like I was calling myself. My question to security, is that a person or electronic? It's a person. Do not answer, do not talk.
-Scammers record your voice. Better to have that annoying AI voice that just states your number. Person calling you knows it's your number and will leave a message.
-Again, do not say "Hello" "Yes" "Who's calling?" "Please stop calling" and rant and threaten. These voice variations are what they use for other things. For instance, voice security instead of passwords.
-If you're near your phone and you see a scam call coming through, answer then hang up quickly. Like in a second, green button then red button. There a security methods your carrier has that help.

Last year, I was watching on C-Span a hearing at the FCC or FTC with experts talking about the problems with all the junk phone calls. They agreed that spoofing is the most recent tactic which has greatly juiced up the scamming while thwarting many call-blocking tactics such as Nomorobo (which I have on my land line although it doesn't block as many calls as it used to). Someone at the hearing said that the phone companies have the ability to block calls using spoofed numbers because the caller-ID won't match the actual caller's number. But there isn't anyone or anything forcing them to block those calls (yet).

I have a simple pay-per-minute cell phone (a flip phone) so I can't block the junk calls which make up at least 90% of all the calls. About half of those are neighbor spoofing. I have received calls from about 80 different numbers which begin with my area code and exchange, and that's in just the last 2 years. When I get any call on the cell from a caller who is not in my small contacts list (which has maybe 20 numbers), I just open the phone an inch then close it, ending the call while ending the ringtone. If I get a voice mail and I am at home, I can call the voice mail system from my land line so I don't burn minutes listening to and clearing out my voice mailbox.

On my land line, if Nomorobo didn't block the unknown-number call, (it disconnects calls after one ring), I answer it but say nothing. Many times, these robocallers don't begin their shtick until there is a voice at the receiver's end. Often, the caller hangs up. If it's real person, he or she will speak up if I remained silent. I had heard years ago that to confuse a robodialer I should hit the "#" and "*" buttons a bunch of times, so I do that sometimes. Not sure if it works but it is fun.

 

[Andre1969]

My mom and sister used to keep a whistle next to the phone and use it against obscene phone callers (remember that?). I wonder if that is of any use against scammers.

Probably not.

Yep, that was actually a scene in an episode of "Mama's Family"!

I'll never forget the conversation...

"Will someone tell me what he SAID?!"
"Well...okay"
"And don't you use any dirty words!"
"Okay...I...your...you...ice cubes...all night!"
"Well I never heard such filth!"

 

[sengsational]

One-time purchase of a Sentry machine completely solved the problem on the landline. It's like the "old days" at our house....if the phone rings, we drop what we're doing and answer the phone. It's always a person we know or expect to call. The only robo is the library saying my book is in, and that was a manual white list addition. Everyone else added themselves to the white list.

 

[COcheesehead]

I just block the number. They go away for awhile. Then when they come back under a different number, I block that number too. They eventually dwindle to little or none.

 

[Moemg]

I have been answering them but just laying down the phone and let them give their spiel .I then hang up the phone once the beeping starts . This has really cut down on the annoying calls .I am not sure why this works but it does .

 

[ExFlyBoy5]

Only sure fire way I have found to "stop" the spam calls (and I have used several/many methods) is to use the do not disturb feature on my Android phone. I have it configured in that it will only ring if you are in my contacts list, otherwise...off to voicemail it goes. I *might* get one or two spam related voicemails a week, but I haven't had one in about three weeks.

 

[NgineER]

There's a thing called "spoofing."...

A colleague of mine told me a scary story today. He was part of the equifax breach a year or two ago. Apparently his username for his online bank was compromised. They somehow also got his cell phone number, don't know if that was from the breach or if they had to look it up.

Yesterday while in a noisy restaurant he got a phone call from his bank (spoofed caller ID) and they told him that they were looking at what appeared to be fraudulent charges on his account. They asked him to verify a few transactions (all made up of course and none matched anything he'd purchased recently). Since there were several phony charges on the account they told him that his account had been compromised and that they would have to set up a new card for him sent via fedex. In order to validate the transaction they asked him to repeat a code they'd send him via text.

The text came through from USAA and he repeated the number back to them. They validated it and said they'd ship a new card immediately.

Once my colleague came home he checked his account - his password did not work anymore. He reset the password thinking that it was part of the fraudulent charges. He set a new password and got the double verification text from his bank and noticed that a few thousand dollars had been withdrawn via wire earlier in the evening.

Apparently their "verification" for sending a new card was for the forgotten password link verification on the website for setting up a new password. Once logged in they started transactions out of the account, starting in $100 increments and then $1,000.

He was immediately refunded half of the amount but is now working with the bank to get the rest back.

I thought that the text verification was a pretty secure alternative, but as the scammers more and more sophisticated this could become a large problem. Especially for older folks...

 

[scrabbler1]

NgineER, that's a helluva story. The key to it, as you pointed out, was this: "In order to validate the transaction they asked him to repeat a code they'd send him via text." While beautifully disguised, the moral of the story is to never, ever give a code received via text (or email) to someone over the phone.

 

[jollystomper]

A colleague of mine told me a scary story today. He was part of the equifax breach a year or two ago. Apparently his username for his online bank was compromised. They somehow also got his cell phone number, don't know if that was from the breach or if they had to look it up.

Yesterday while in a noisy restaurant he got a phone call from his bank (spoofed caller ID) and they told him that they were looking at what appeared to be fraudulent charges on his account. They asked him to verify a few transactions (all made up of course and none matched anything he'd purchased recently). Since there were several phony charges on the account they told him that his account had been compromised and that they would have to set up a new card for him sent via fedex. In order to validate the transaction they asked him to repeat a code they'd send him via text.

The text came through from USAA and he repeated the number back to them. They validated it and said they'd ship a new card immediately.

Once my colleague came home he checked his account - his password did not work anymore. He reset the password thinking that it was part of the fraudulent charges. He set a new password and got the double verification text from his bank and noticed that a few thousand dollars had been withdrawn via wire earlier in the evening.

Apparently their "verification" for sending a new card was for the forgotten password link verification on the website for setting up a new password. Once logged in they started transactions out of the account, starting in $100 increments and then $1,000.

He was immediately refunded half of the amount but is now working with the bank to get the rest back.

I thought that the text verification was a pretty secure alternative, but as the scammers more and more sophisticated this could become a large problem. Especially for older folks...

Very true, and unfortunate.

I have taken the approach of, if any of my financial institutions call me, I request a number I can call them back at. If it does not match their customer service number, I call customer service and ask them to verify if this could be a number from them, and/or if the issue raised is legitimate.

It is a pain but my method of "double authentication" for my financial institutions.

The phone companies could do more, but since they make money off of the spoofers/scammers use of their network...

 

[Chuckanut]

Scammers can know a lot about you thanks to all the security breaches that have put your and my information out in the wild. The Equifax Breach was perhaps the worst since it contains much of the information needed to convince perfect strangers that the scammer is you.

 

[JoeWras]

Right. "spoofing" is not just presenting your number, it is presenting ANY number, including a bank or insurance company.

The story above is sophisticated and currently atypical, but something we need to be careful about!

The typical spoofer just uses a random number with your exchange and area code. This tricks you into thinking it is a friend whom you don't have in your directory, so you pick up -- and get Rachel from card services.

 

[Gotadimple]

NgineER, that's a helluva story. The key to it, as you pointed out, was this: "In order to validate the transaction they asked him to repeat a code they'd send him via text." While beautifully disguised, the moral of the story is to never, ever give a code received via text (or email) to someone over the phone.

In addition, according to a manager at Microsoft who handles security and security breaches for them, consider two factor authorization using a call back - not a text message - to a specific phone number. The reason to abandon text messages with authorization code is that the text messages are NOT secure unless you have VPN running on your phone. They can be tracked.


- Rita

 

[Bestwifeever]

I don't answer, I don't even bother to block. If they don't leave a message I just delete the number from the recent call list.