‘Steals your money and infects your device’ warn experts over ‘pretexting’ message that targets Android and iPhone users
ANDROID and iPhone users should be aware of “pretexting” scams that aim to strip them of their money and steal their information.
In pretexting, scammers trick their unsuspecting victims into disclosing private details or sending money.
The scheme relies on what is known as social engineering – the use of psychological manipulation to get access to systems or information.
Many scams often prey on people who are less digitally literate, like the elderly.
In one of the best-known schemes, a cybercriminal poses as a representative from a tech company.
The scammer will request remote access to your computer to fix an issue, often asking you to install applications onto your device.
Once they are granted access, these criminals can make changes to your device or breach your accounts. The latter is even easier if you have passwords set to autofill.
In another type of scam, a criminal will create a profile on a dating website and gain your trust over some time before suddenly requesting money.
This scheme – called “catfishing” after the 2010 documentary – often sees scammers using photos of other people to fabricate an identity.
Your love interest may claim they aren’t able to get on a voice call or video chat, which could be a sign they aren’t who they claim to be.
Cybercriminals may also pose as government employees and demand money or personal details.
These usually come in the form of IRS scams in the United States, with criminals claiming you’re behind on taxes and threatening legal action.
Similarly, Social Security scammers will say there’s an issue with your account and demand your information to resolve it.
It is important to remember that government agencies generally communicate with you through letters before reaching out online unless you’ve contacted them first.
Job scams may be an unsolicited text message or email. The sender will pose as a hiring manager who “found your information online” or “was referred” by someone you know.
Be wary if the company immediately asks for your Social Security number or bank information before giving you an offer.
You should check if the company has a poor reputation online, including complaints from other would-be victims.
Another type of scam is “vishing,” or voice phishing, where cybercriminals use artificial intelligence tools to replicate the voice of a loved one.
Scammers can even use Voice over Internet Protocol technology to assign phone numbers and make it appear they’re calling from a legitimate number.
Posing as a friend or relative, the criminal will ask for money, claiming they’ve been in an accident or are in danger and need money.
All a scammer needs is a video or audio clip from social media, which can be fed into AI tools that mimic human speech.
While some scams are easier to spot, it is best to exercise caution.
Unsolicited messages should be a warning sign, especially if they contain grammatical and spelling mistakes.
If an offer seems too good to be true – claims you won a sweepstakes you don’t remember entering, for instance – it likely is.
To protect yourself, never answer calls from an unrecognized number. If you answer a call from someone you suspect is legitimate but start to suspect the caller is a scammer, hang up and dial the organization directly.
Never open unsolicited links or attachments. These will either lead to a spoofed site asking you to input personal information, which will then be stolen, or download malware onto your device.
Delete the message after reporting it as spam to your service provider.
How are scammers finding my number?
Here Mackenzie Tatananni, science and technology reporter at The U.S. Sun, breaks down ways a scammer may get your information.
Scammers commonly get phone numbers from data breaches, which occur when a hacker accesses a private database – often those maintained by companies like service providers and employers.
This information may be shared and circulated online, including on the dark web, where there are forums dedicated to sharing leaked information.
Another common technique called wardialing employs an automated system that targets specific area codes.
A recorded message will instruct the listener to enter sensitive information, like a card number and PIN.
There is also a far more harrowing possibility: your phone number could be listed online without your knowledge.
Data brokers are hungry to buy and sell your information. These companies gather information from various public sources online, including social media and public records
Their primary goal is to build databases of people and use this information for tailored advertising and marketing.
Much of this information ends up on public record sites, which display information like your phone number, email, home address, and date of birth for anyone to see.
In the United States, these sites are legally required to remove your information if you request it.
Locate your profile and follow the opt-out instructions, but be warned – these sites do not make it easy and intend to frustrate you out of completing the deregistration process.
For simplicity’s sake, you can also use a tool to purge your information from the Internet.
Norton offers one such service. Called the Privacy Monitor Assistant, the tool finds info online and requests removal on your behalf.
It is also possible that your phone number may be linked to a social media account and publicly displayed on your profile – this happens quite frequently with Facebook.
Be sure to review your privacy settings and confirm this information is hidden away from prying eyes.
As always, common sense is key. Don’t give out personal information unless you’ve verified the identity of the person you’re speaking to.
It is also important to mind the information you share online.
Review your social media profiles to see which information is public, like contact information, birthdays, and addresses.
You should also check if data brokers have listed your information online. These sites are legally required to remove it upon request.