Wednesday, January 18, 2017

A hostage, your cell phone, and SS7

A Hostage Claim

My mother pulled me aside this week to tell me a story about a friend’s husband who was scammed over the phone with a fake hostage claim. The call came through on his cell phone: a rude and abrasive guy claiming that he had the guy’s daughter and was going to start cutting off her fingers if the guy didn’t get money to him. Needless to say, the poor guy was terrified. In the end, the scammer required the money to be wired to him. That’s when the victim had the light bulb moment of “oh crap, this is a scam”. Here is a great news article that highlights this scam.

I had never heard of this before and it's scary. However, it’s not all that surprising. Growing up I didn’t have cell phones and we barely had an answering machine - no age jokes, mkay? I remember my father hated answering the phone, so he would screen the calls through the answering machine. Why did we ever stop? OK, we don’t have cell phone answering machines, but we do have voicemail and oh boy, do I use it. I have become so adamant that if I don’t have the number in my address book, I don’t answer the call. Too many scams, marketing, surveys - aka junk calls. Ewww. No more.

SS7 


But Angel, how does this relate to IT? Here’s the weird part: the victim's cell phone didn’t work after the attack. Odd, right? Not so odd. In fact, it's super easy to hack a cell phone just by using the phone number. WHAT? Scary, I know. SS7 (no, not a new James Bond movie) is the culprit. This vulnerability is what allows these easy hacks to actually occur. SS7 is Signaling System 7, which connects all cellular networks/providers in the world together. This flaw allows for eavesdropping, fraud and all kinds of bad guy activity to happen. Here is a great YouTube video for more information.

There are a few things to consider with SS7:

1. This is more likely to happen in Europe - I am not sure this makes this any better, but OK.
2. SS7 is a known vulnerability - OK, um, can we fix it then? Maybe?
3. NSA pretty much can do this eavesdropping thing already - Hi, NSA!
4. There may or may not be limitations on this technology.
5. The news isn't talking about it. - Well, in all fairness it isn't nearly as interesting as the Brangelina divorce...


My Advice

As more scams and marketing callers are calling your cell, please consider the following.
1. If the number looks strange or you don't recognize it, don't answer your phone. I won't answer my phone unless I have the number in my address book.
2. Hesitation. If you answer the phone and something strange or scammy starts, give yourself a point of hesitation and ask, "is this real?" When in doubt, hang up your phone.
3. Research the number calling you. Many sites let you check whether the number calling is a safe caller or not.
4. Make sure you have anti-virus and anti-malware software on your phones. Especially anything Windows-based, since hacks can happen outside of SS7. Really. We are only scratching the surface here. Research, research, research.
As this gets worse, we need to be cell phoning defensively to protect ourselves.
When in doubt - don't. Don't answer the call, don't respond and hang it up.

Until next time, stay safe out there!


Week 6 Blog Post
