Phone scams in the US are on the rise, so here’s how to recognize and fight them
You know what really sucks? When bad actors use the awesome technology of today — like some of the best phones out there — in order to trick us into doing their bidding. The worst part about all this is that the more technology progresses, the easier it becomes to set up some sort of scam to get something out of people.
There’s no denying the simple truth: phone scams are on the rise and scammers have tricked Americans into losing billions of dollars. 2023 is still going on and hard data is scarce, but let’s take this example: phishing attacks have been on the rise ever since 2018. And a recent study showed that some of the most popular US carriers are being used by scammers in order to target US citizens.
The great news is that authorities of all shapes, sizes and origins have noticed and there's actually numerous things going on in order to reduce the rate of cybercrime in the US. That being said, those rates are still pretty high. So we decided to lend a hand and help out through the power of information!
What’s a “phone scam” anyway? Well, that’s when a bad actor gets in touch with you over the phone and then tries to get something out of that exchange, without any substantial reason for them to expect that.
As you might know, however, phones have become pretty capable. As such, “getting in touch” can mean a number of things and scammers are prone to using all of them. So, if we have to be technical, then phone scams can be put into three categories:
Now, I know that some of you may disagree regarding the last bit, so I’d like to raise this reminder: most of us have phones and all phones, regardless if it’s an iPhone 15 or a Galaxy S23, literally come with an email address as a requirement for you to use them.
So, while at first glance it may appear as if the only difference between these three is the means of contact, that’s not actually the case. Because the type of communication defines what tactics the scammer can use against you. Even if they are technically the same tricks, they can look and feel different depending on the means of communication.
And if that’s the case, we can’t really go on without specifying said tricks!
Social engineering is truly awesome. But that’s only from the POV from ethical hackers and social engineers, who use it to raise awareness and educate people. But, unfortunately, bad actors exist too and they can use this tactic in all sorts of ways, like convincing people to download unwanted malware.
For example, over the phone a social engineer will act in a manner which can convince you that they are indeed calling from your carrier’s support center or from your bank, or even from your local hospital.
These people basically act out the part: they mimic the typical tone of voice, they use the expected vocabulary and some of them even fake accents to seem like foreigners in order to get you to trust them, which is their key to getting something from you, like your credit card information or your passwords.
On the other hand, social engineering looks and feels very different in SMS or Email form. In texts, the aim would be to make the message look as close as possible to an actual one that you may get from any service that you use, such as the ones described above.
And in email? Well, scammers can go as far as adding graphics and imitate the templates to convince you that the email that you’ve received is legitimate.
But presentation alone doesn’t get the job done, which is why scammers rely on the other tactics. Pressuring you into doing something is a key moment here: social engineers will always try to make the situation seem urgent and will even go as far as to threaten you with jail time, risk of health or financial status or exclusivity of an offer, like a prize.
By the way, even though this is rare, scammers will sometimes try to trick you into downloading files. And they don’t always need to be dead giveaways such as .EXE or .APK files, which are well known installer files. .PDF or .XLS files can be just as dangerous, so if you see that you’ve received one from an unverified source: don’t download it!
I know that all of this can sound really creepy and kind of disheartening, but I’ve got great news! Even if it may seem like scammers have all they need in order to make a profit from you, here’s the truth: you’ve got all it takes to put a stop to it too!
As you might’ve come to understand from the last section: social engineers and scammers in general are pretty smart. But they are also creatures of habit, which can help us identify and combat them.
But before we can do that, we need to understand who they are targeting and why. And that part is actually pretty straightforward. Here are the prime targets for scammers:
The first one is a wide group: it’s everyone that’s part of a company or any sort of organization, ranging from a book club to an online forum. Why? Well, because if a hacker “cracks” open the right server, all of the delicious, juicy user data like emails and phone numbers are just sitting there. And you already know what social engineers do with that.
It really makes me sad to see the elderly still being a target group for these bad actors, because my own grandparents have been victims of scam attacks, where their love for me specifically was the key for the fraudsters almost getting a profit. And isn’t this the perfect example of why they are targets? Lack of experience with rising technology, combined with a kind heart is just what a scammer is looking for in a target.
Lastly: victims of massive data leaks. And while we hear about bigger instances of such, let’s not forget: a lot of us are taking part in lesser-known services too. And those don’t get as much time in the spotlight. So if you know that you are a part of something like this, then if you start getting spammed, you should definitely check with every service that fits the description.
We’ve got a lot of readers, so we decided to run a survey and actually ask you guys if you’ve ever gotten scammed. Out of 436 responders, over half reported that scammers had attempted to take advantage of them.
PhoneArena has been visited by almost half a million US citizens aged 45 and up in the last month alone. Given the case, you can probably see what got us inspired to write this one.
So let’s get down to the meat of it all!
Well, phone scams aren’t exactly the type of enemy you “defeat”. But you can still come out the victor, so long as you learn how to avoid them. At this point, you’ve gotten to know what scammers and social engineers are aiming, so if you recognize it, here’s what to do:
So! Pretty simple overall, but we’ve got to talk about the most essential parts of the workflow, namely:
But how can you double check if something is actually real or not? Glad you asked:
This one is as easy as copying the inbound phone number or email address and doing a quick Google search with it. In most cases, if it’s associated with heavy scam-related activities, it will come right up, indicated as such.
If it doesn’t, it may be a legitimate means of contact. BUT! Spoofing is still a thing. And, unfortunately, for some companies that means that scammers are able to make an email appear as if sent through an authentic company email address. Since that is the case, I recommend doing the next step too.
To me, this is your best line of defense against malicious actors.
Are they calling you to ask for money to get medical help from someone you know? Ask that person if they are actually sick. Are they calling to tell you that your savings account is under threat? Check with your bank and verify if that is actually the case.
Better yet, your best course of action here is to do this through a different means of communication. If the supposed scammer has called you over the phone, pretending to be your bank, then use online chat to get in touch with the bank and ask if that’s actually the case. This will eliminate the possibility of a given type of communication being compromised.
This also works best when someone is calling you, pretending to be a loved one. If that’s the case: just text that person while the scammer is on the line. If the legitimate person responds with confusion, then you know it’s a scam for sure!
Here’s the deal: scammers are relying on the fact that you won’t report them. That’s mostly because they know that most people don’t know that they can even do that. But you can, to a rather large number of authorities.
And when you do, you certainly put a wrench in the scammer’s operation. If you do it quick enough, you may even put an end to their gig for good. So, every recognised scam is an opportunity for you to play the hero for real and help your community out!
These tips, however, are in no way exhaustive. And they can’t possibly be by design, because as time passes, new “creative” methods may become developed by scammers. So what can you do in those cases?
Well, some of the biggest US carriers like AT&T, T-Mobile and Verizon already have FAQ pages that are full of advice for how to avoid getting scammed, so it’s highly likely that whatever your carrier is: they’ve got one up too.
And the same can basically be said for major phone manufacturers such as Apple or Samsung.
But, you know, just in case that isn’t enough: the FTC, FBI and other US authorities have information on the topic too. In fact, here’s my favorite advice on how to avoid phone scams from the FTC:
Or in short: stay vigilant, keep your cool and question everything!
Let’s close things off on a high note: authorities, phone manufacturers and carriers are doing their best to fight the good fight. After all, technology isn’t only advancing for the scammers, it’s advancing for us too.
No joke: I once assisted a police officer from a different country in tracking down and capturing a PayPal scammer in real time, through the phone. It was awesome and I’m never going to forget it. And that was years ago.
Today? Well:
So, as you can see, scammers and fraudsters haven’t gotten the best of us yet. In fact, I honestly believe that we’re gaining on them. And I can now confidently say “we”, because I know that through the knowledge in this article, you are prepared to join the fight.
The great news is that authorities of all shapes, sizes and origins have noticed and there's actually numerous things going on in order to reduce the rate of cybercrime in the US. That being said, those rates are still pretty high. So we decided to lend a hand and help out through the power of information!
Because, as G.I. Joe said: knowing is half the battle. But just in case you don’t trust a children’s cartoon: the FBI is literally saying the same thing. And in the case of phone scams, it is absolutely true.
So here’s what you are about to learn about phone scams:
What types of “phone scams” are there anyway?
A lot of phones, like the ThinkPhone, come with extra security features. | Image credit - PhoneArena
What’s a “phone scam” anyway? Well, that’s when a bad actor gets in touch with you over the phone and then tries to get something out of that exchange, without any substantial reason for them to expect that.
As you might know, however, phones have become pretty capable. As such, “getting in touch” can mean a number of things and scammers are prone to using all of them. So, if we have to be technical, then phone scams can be put into three categories:
- Call scams
- SMS scams
- Email scams
Now, I know that some of you may disagree regarding the last bit, so I’d like to raise this reminder: most of us have phones and all phones, regardless if it’s an iPhone 15 or a Galaxy S23, literally come with an email address as a requirement for you to use them.
So, while at first glance it may appear as if the only difference between these three is the means of contact, that’s not actually the case. Because the type of communication defines what tactics the scammer can use against you. Even if they are technically the same tricks, they can look and feel different depending on the means of communication.
The tools of a scammer’s trade
- Social engineering: the art of convincing people to do things
- Pressure: the key ingredient to get you to act on the convincing part
- Spoofing: a technology used to change the displayed caller ID
- Imposter schemes: scammers pretending to be someone else
- Trusting that you won’t do anything about the scam even if you don’t fall for it
Social engineering is truly awesome. But that’s only from the POV from ethical hackers and social engineers, who use it to raise awareness and educate people. But, unfortunately, bad actors exist too and they can use this tactic in all sorts of ways, like convincing people to download unwanted malware.
For example, over the phone a social engineer will act in a manner which can convince you that they are indeed calling from your carrier’s support center or from your bank, or even from your local hospital.
These people basically act out the part: they mimic the typical tone of voice, they use the expected vocabulary and some of them even fake accents to seem like foreigners in order to get you to trust them, which is their key to getting something from you, like your credit card information or your passwords.
On the other hand, social engineering looks and feels very different in SMS or Email form. In texts, the aim would be to make the message look as close as possible to an actual one that you may get from any service that you use, such as the ones described above.
But presentation alone doesn’t get the job done, which is why scammers rely on the other tactics. Pressuring you into doing something is a key moment here: social engineers will always try to make the situation seem urgent and will even go as far as to threaten you with jail time, risk of health or financial status or exclusivity of an offer, like a prize.
By the way, even though this is rare, scammers will sometimes try to trick you into downloading files. And they don’t always need to be dead giveaways such as .EXE or .APK files, which are well known installer files. .PDF or .XLS files can be just as dangerous, so if you see that you’ve received one from an unverified source: don’t download it!
I know that all of this can sound really creepy and kind of disheartening, but I’ve got great news! Even if it may seem like scammers have all they need in order to make a profit from you, here’s the truth: you’ve got all it takes to put a stop to it too!
Who are scammers targeting and why?
iPhones let you filter out messages from unknown senders completely. | Image credit - PhoneArena
As you might’ve come to understand from the last section: social engineers and scammers in general are pretty smart. But they are also creatures of habit, which can help us identify and combat them.
But before we can do that, we need to understand who they are targeting and why. And that part is actually pretty straightforward. Here are the prime targets for scammers:
- Members of organizations
- The elderly
- Victims of massive data leaks
The first one is a wide group: it’s everyone that’s part of a company or any sort of organization, ranging from a book club to an online forum. Why? Well, because if a hacker “cracks” open the right server, all of the delicious, juicy user data like emails and phone numbers are just sitting there. And you already know what social engineers do with that.
Lastly: victims of massive data leaks. And while we hear about bigger instances of such, let’s not forget: a lot of us are taking part in lesser-known services too. And those don’t get as much time in the spotlight. So if you know that you are a part of something like this, then if you start getting spammed, you should definitely check with every service that fits the description.
We’ve got a lot of readers, so we decided to run a survey and actually ask you guys if you’ve ever gotten scammed. Out of 436 responders, over half reported that scammers had attempted to take advantage of them.
PhoneArena has been visited by almost half a million US citizens aged 45 and up in the last month alone. Given the case, you can probably see what got us inspired to write this one.
Now that we know the enemy, how do we defeat it?
Galaxy phones also offer extra protection through Smart Call.
Well, phone scams aren’t exactly the type of enemy you “defeat”. But you can still come out the victor, so long as you learn how to avoid them. At this point, you’ve gotten to know what scammers and social engineers are aiming, so if you recognize it, here’s what to do:
- Don’t trust Caller ID
- Hang up or ignore the SMS/Email
- Don’t act upon any suspicious request
- Verify if it was legitimate or not through a second line of communication
- If it was not legitimate: block the sender’s number or email address
- Report the attempt to any authority that has a process to receive such reports
So! Pretty simple overall, but we’ve got to talk about the most essential parts of the workflow, namely:
- Double-checking for legitimacy
- Reporting a verified scam attempt
But how can you double check if something is actually real or not? Glad you asked:
How to check online if you are being scammed?
This one is as easy as copying the inbound phone number or email address and doing a quick Google search with it. In most cases, if it’s associated with heavy scam-related activities, it will come right up, indicated as such.
If it doesn’t, it may be a legitimate means of contact. BUT! Spoofing is still a thing. And, unfortunately, for some companies that means that scammers are able to make an email appear as if sent through an authentic company email address. Since that is the case, I recommend doing the next step too.
How to use a second communications line to verify if something is a scam?
To me, this is your best line of defense against malicious actors.
Are they calling you to ask for money to get medical help from someone you know? Ask that person if they are actually sick. Are they calling to tell you that your savings account is under threat? Check with your bank and verify if that is actually the case.
This also works best when someone is calling you, pretending to be a loved one. If that’s the case: just text that person while the scammer is on the line. If the legitimate person responds with confusion, then you know it’s a scam for sure!
How to report a real scam attempt to the respective authorities?
Here’s the deal: scammers are relying on the fact that you won’t report them. That’s mostly because they know that most people don’t know that they can even do that. But you can, to a rather large number of authorities.
And when you do, you certainly put a wrench in the scammer’s operation. If you do it quick enough, you may even put an end to their gig for good. So, every recognised scam is an opportunity for you to play the hero for real and help your community out!
These tips, however, are in no way exhaustive. And they can’t possibly be by design, because as time passes, new “creative” methods may become developed by scammers. So what can you do in those cases?
Well, some of the biggest US carriers like AT&T, T-Mobile and Verizon already have FAQ pages that are full of advice for how to avoid getting scammed, so it’s highly likely that whatever your carrier is: they’ve got one up too.
But, you know, just in case that isn’t enough: the FTC, FBI and other US authorities have information on the topic too. In fact, here’s my favorite advice on how to avoid phone scams from the FTC:
- If you’ve got to pay for a prize, it’s not a prize
- Authorities don't just bully you into paying taxes under threat of jail
- Very few issues need to be resolved on the spot
- If you can, pay with a card, because that’s traceable and provable, unlike cash
- No-self respecting establishment will call you to ask for sensitive information
Or in short: stay vigilant, keep your cool and question everything!
Half the battle is now won!
Pixel phones come with their own version of Call Screening to protect you. | Image credit - PhoneArena
Let’s close things off on a high note: authorities, phone manufacturers and carriers are doing their best to fight the good fight. After all, technology isn’t only advancing for the scammers, it’s advancing for us too.
No joke: I once assisted a police officer from a different country in tracking down and capturing a PayPal scammer in real time, through the phone. It was awesome and I’m never going to forget it. And that was years ago.
Today? Well:
- Call Screening, available on Pixel phones, to check on the caller before you truly respond
- Galaxy phones’ Smart Call feature, which flags potential scams and spam ahead of time
- АТ&T’s ActiveArmor, which blocks spam calls in real time
- T-Mobile Scam ID & Scam Block: live services on the network itself, which block scams or indicate likely scam calls
- Verizon’s Call Filter app, which can filter out spam and scam calls
So, as you can see, scammers and fraudsters haven’t gotten the best of us yet. In fact, I honestly believe that we’re gaining on them. And I can now confidently say “we”, because I know that through the knowledge in this article, you are prepared to join the fight.
Things that are NOT allowed: