Scamming by Phone
Identity theft information is contained on three pages:
- Identity Theft: obtaining information by deceit
- Phone Fraud: scamming by phone
- Phishing: email scams
The information was written with computers in mind, but these warnings also apply to smart phones and tablets.
Phone and email scams have a lot in common.
They use volume, aggression and sophistication to achieve their goal of taking people away from their money. Their entire approach is to cause harm, cause fear and get people not thinking, get them reacting and not in control.
— Times Colonist
Report Identity Theft
If you have been a victim of identity theft (or suspect you have), contact the police to report identity theft.
Don't let embarrassment keep you from talking to the authorities. If you were the only victim, identity theft would not be a growing problem.
The sooner you report the potential identity theft, the sooner you can begin to resolve the issue.
Fraudulent Phone Calls
There are two general ways that the phone is used in perpetrating scams and identity theft:
- phone calls attempting to con the person answering into providing information, funds or access to their computer; or
- fake error messages listing a phone number to call for support.
Both are attempts at identity theft using the telephone.
Phone scams include bogus “computer support” calls, “free” vacations, fake charities, calls threatening arrest, and more. These scams are perpetrated on innocent victims every day.
Phone scams are no joke. Scammers target millions of Americans every year via robodialers and many people fall victim as they are threatened with arrest warrants or guaranteed free vacations.
- Beware of these 8 common telephone scams.
- Phone phishing scams now targeting Social Insurance Numbers.
These Callers are Thieves
The purpose of their call is to steal from you — your money; your identity; your trust. Learn how to protect your identity.
When someone approaches you, remember they always want something.
— Frank Catalano
Don't be the next victim! Don't engage the caller. Just hang up.
Let Unknown Numbers Go to Voice Mail
Fraud experts recommend that you let all unknown numbers go to voice mail, even if they appear familiar. Scammers use fake caller ID to appear to be local callers.
Any of these warning signs indicate that you're probably dealing with a scammer:
- A “computer support” call telling you that your computer is infected.
- They tell you to use the “Windows” key in combination with another key to navigate your computer.
- A call offering a better credit card rates.
- A call offering a special discount or an unexpected prize.
- A call from a “CRA officer” or “Canada Border Services” threatening imminent arrest.
- A call telling you your Social Insurance Number was flagged.
- A call telling you that large purchases have been made to your credit card.
- Most robo-call offers.
Threats of “Arrest Warrants” are Bogus
In some of these scams, the caller states that an arrest warrant has been issued, but they can stop it if you comply with their monetary requests.
If there was a warrant for your arrest, the police would be at your door, not having a “CRA officer” or “police officer” call you.
Just Hang Up
Don't respond. Just hang up.
The Caller Has No Authority
You don't need to fear these calls.
One lady was scammed for thousands of dollars because “the caller told me I couldn't hang up.”
Callers Need to Prove Their Identity
Be wary of any calls you didn't initiate.
If YOU contact your bank or credit card company, they need information to identify you. This is normal. Just be sure you obtain that contact number from a trusted source such as a recent invoice or statement.
However, if you DIDN'T initiate the call using a reliable source for the phone number, the caller has no right to expect you to provide such information.
The party placing the call is always the one that has to prove their legitimacy.
Credit Card Scams
Notice that scam phone calls about “your VISA and MasterCard account” immediately ask for your credit card number?
- It is rare for financial institutions to offer both VISA and MasterCard.
- They would identify themselves by institution, not credit card.
- They should never expect you to provide your credit card number if they called you.
If you have concerns about your credit card(s), call the number on the back of the card or visit your bank in person.
Calls from Canada Post?
Fraudulent phone calls are circulating from “ Canada Post” asking for personal information including your SIN to obtain your delivery of a wrongly-addressed package. Canada Post doesn't have your phone number and will simply return a package to the sender in these circumstances.
Don't Provide Information
NEVER either confirm or provide any information to an unknown caller (especially when asked to prove who you are).
- Never give out personal information
- Never give out your Social Insurance Number (SIN).
- Never confirm or correct information.
- Never provide credit details or a credit card.
- Never provide a blank or written check.
From a financial perspective your tax information as well as your entire credit profile including your history and credit score and connected to your SIN.
— Toronto City News
Recovery of a lost SIN is difficult and doesn't prevent the older number from being used fraudulently.
Never give any personal information, such as a Social Security number, to a caller unless you're positive he or she is a legitimate representative of a company with which you regularly do business.
If there's any question, ask for the caller's full name, title and department and tell him or her you'll call back.
Use the business's phone number as posted on its website or, better still, on any snail-mailed statement or correspondence you've received from the company.
— Check Point blog
Be wary when calling back a missed number, particularly if it only rang once. Calls to “regular” numbers in certain (mostly Caribbean) countries can be treated like 900 “pay-per-minute” numbers.
Credit Card Scams
Credit cards are involved in most of these scams in one way or another. They'll try to either scare you or use greed to cause you to respond positively rather than question their authenticity.
- Even though they've called you, they'll request that you provide your credit card details, name, address, etc. “to prove who you are” (and enough to be able to either use the card or establish credit in your name).
- Remember, they called you.
- These calls usually mention both VISA and MasterCard. Most financial institutions only offer one or the other.
- There is a relatively new credit card scam where the automated call says there are suspicious charges on your card. Usually fairly large purchases are mentioned.
Remember, these are seldom legitimate calls. Thieves are trying to con you into giving up your credit card details.
These calls begin by telling you that you've won a lottery or some other significant prize. But there's a catch: you need to pay shipping and taxes or other fees before the prize is delivered.
- Prizes are not taxable in Canada and there should never be any shipping or handling fees regardless of where you live.
- It is highly likely that you won't remember having entered the named contest or even know about it.
Similarly, any special discount would not involve shipping or other fees.
CRA and Threats of Arrest
This is a particularly scary call. A person identifying themselves as a CRA officer states that you owe a great deal of tax and a warrant is being issued for your arrest unless you can pay the officer.
The Canada Revenue Agency will never call and use nasty language or threaten a customer. They will also never ask for credit card information, personal information by email or text, or request your social insurance number or ask for bank account information.
— CTV News
Callers Need to Prove Their Identity
- You would be notified by mail of any amount outstanding on your taxes long before this point.
- Police officers would be at your door rather than someone calling you if there was a reason to arrest you.
- You would be notified by mail or email of any amount outstanding on your taxes long before this point.
The newest variation appears to be calls from your local police threatening arrest.
Scammers have defrauded Canadians out of tens of millions of dollars over the past decade pretending to be collecting back taxes with the Canada Revenue Agency — but police are warning of a new twist on the old scam.
The scammers are pretending to be officers with local police forces, investigators said.
The thieves are also using caller ID spoofing so it looks like the call is coming from a police phone number.
— CTV News
“Can You Hear Me?”
Your response to “Can You Hear Me?” or similar questions can be recorded and used as “proof” you ordered a product or service.
I answered the phone. They said: "Hi my name is Matt on a recorded line and I'm with Health Source. Can you hear me okay?" I said: "Yes" They then hung up.
— as reported to BBB.org
These are known scam techniques. Don't respond; just hang up.
- They call early in the morning or late at night (when you're less alert). This is illegal in Canada.
- They request that you confirm your account number or other details.
- They ask for remote access to your computer or to download and install software.
- They use a transfer of trust by saying they are with a well-known agency such as Microsoft, the CRA or IRS.
Remember, they called you! so it's their identity that is unconfirmed.
For more information, try these resources:
- The Canadian Anti-Fraud Centre lists the most common scams.
- What to expect when the Canada Revenue Agency contacts you.
- IRS tax scams & consumer alerts
- Spot a business or offer that sounds like a scam? BBB Scam Tracker.
- Spot a business or offer that sounds like a scam? Tell the Better Business Bureau about it.
Beware of “Computer Support” Calls
I'm calling from Microsoft…
No, they aren't. They are scamming you!
Just Hang Up!
ANY phone call from a “technical support” person saying that you have a problem with your computer is a SCAM! Just hang up.
If they had the ability look into your computer to see errors, they could have fixed them without calling you.
If you get such a call, don't panic. Stop and think it through.
The caller may attempt to “prove” they are legitimate by getting you to visit their website. Don't!
These callers are criminals regardless of what their website indicates and located in countries where prosecution is difficult or impossible.
Globally, about two-thirds of the respondents had encountered a technical support scam. About one in five had been duped -- allowed the scammer to continue his or her story -- and nearly one in 10 had actually given money to the fraudster.
They called you to tell you about problem you weren't experiencing.
What If It Was Legitimate?
If you have reason to believe the call is legitimate, hang up then look up the number from legitimate source such as a recent invoice or statement from that company then call them back using the number printed on those documents.
In most cases, the company won't know what you're talking about.
If it was a genuine support call, they will understand your reasons for hanging up.
Tech Support Scams are Costly
The caller will attempt to convince you that your computer needs fixing then charge you for this unnecessary “support call.”
Telephone scams return around $470 per call. Thanks to robocalling (automated calling), number finding technology, and fake caller IDs, scammers fool more people than ever before.
Given how much money the scam makes, and how little call centers pay (e.g., Indian call centers pay around $2 an hour), your decision to "keep them on the line" really isn't helping anyone.
The unspecified expenses will come later:
At first I hung up on this call, then he kept calling so finally I thought maybe this is legitimate. He proceeded to tell me my computer was at a security breach and he would clear it for me.
He also said he was from Microsoft and that it would not cost me any charges. After about 3 hours of calling back and forth I ended up $1,999.99 ripped off.
— as reported to BBB.org
What Actually Happens?
Most of these calls have two goals:
- To bill you excessively for unnecessary services.
- To gain access to your computer and steal your personal information.
They will make your computer less secure.
In addition to selling you bogus security software, the scammers will attempt to locate and download personal information that can later be used for profit.
When give the scammers access to your computer, they will download your personal information and data, including your passwords, banking info and other financial information. They use this data to steal money from you, potentially blackmail you, and even steal your identity.
One trick is to have the victim click on the Windows Key + R keyboard combination to bring up the Run command, then have them type in “msconfig” (they'll spell it out) to open System Configuration then click on the Services tab:
They scammer will point out the stopped Microsoft services, calling these “errors” and telling you that your computer is about to crash. It isn't.
This is NORMAL, but most users are confused by the use of the keyboard commands and immediately feel out of their depth.
They Want You to Panic
The use of this intimidating technique is intentional. The caller wants you to panic so that you follow their advice without thinking about it.
Now they'll get you to enter the same Windows Key + R keyboard combination, then www.google.com (which opens Google) and have you search for an older (insecure) version of TeamViewer.
Designed to Confuse
This is different that the way most users would approach a search by using their mouse to open their primary browser then enter a generalized search term that would bring up a current version of TeamViewer. Again, this is intentional and designed to confuse you.
NOW They Have Access to Your Computer
When installed, this insecure (vulnerable) program will provide the caller with remote access to your computer.
This older program lacks any of the newest security measures which makes your computer vulnerable to their attack on your system.
They Don't Know You
Remember, the caller has no advance information about your computer. All they have is their bag of tricks to try to scam you and access to your social media (watch what you post!).
- Never provide remote access to your computer via TeamViewer or any other product based upon a phone call, email or any unexpected popup warning on your computer.
- Never follow instructions to navigate to folders or type any instructions via your keyboard.
- Never provide nor confirm any personal or computer information (including passwords, software versions or serial numbers, credit card numbers, etc.).
- Never visit websites or install software suggested by an unknown caller.
Your best option is to hang up without saying goodbye and without following any of their instructions.
Providing Remote Access is Dangerous
My policy is to disable remote access for my clients and not provide remote service exactly. I don't want my clients vulnerable to being scammed.
Remote access or unknown software can allow the remote user to do ANYTHING on your computer, including installing nefarious software or stealing your personal information.
If you follow their advice, you'll waste your money on software that won't help protect your computer. Worse, it will likely make your computer more vulnerable and you'll become a victim of identity theft and credit card abuse for which you'll foot the bill.
Don't be a victim! Just hang up.
Have You Allowed Access to Your Computer?
If you fall for such a scam, immediately shut down the computer and call a local service technician you can trust.
Scammers cannot access your computer or its data if it is shut down.
Because you can never be certain that your computer is safe, you'll need to have the hard drive wiped then a clean install performed.
A service centre can perform these tasks safely:
- The computer's drive can be removed and data can be recovered without turning on the computer.
- The drive can then be wiped, followed by a new installation of Windows (or macOS, Linux, etc.).
- Current security software can be then installed and updated to protect your computer and data.
- Data can then be restored.
- Programs can then be installed for which you can provide a licence.
Depending upon the service and their history with you, they may be able to do a more personalized install. Unfortunately, there is no way to simply clean up the computer and know that it is safe after scammers have had access.
I suggest you be very selective in what software you choose to restore to your newly cleaned computer or device.
Cleanup is Costly
Yes, this is going to cost you but at least you'll be able to minimize future potential damage caused by providing access to unknown parties. It cannot prevent the use of material already stolen during the time the scammer had remote access to your computer.
Microsoft estimated the cost of cleaning up after a successful scam at $875.00 (and that was in 2011). More on these sites:
- Report a technical support scam to Microsoft.
- Scammed by Wowser E Services? Here's what to do.
- Stay Safe Online's blog has tips and news about keeping your computer and family safe online.
- Tech support scams — from Microsoft.
- Protect yourself from tech support scams.
- Cold call tech support scams increasingly common.
- How to protect yourself from scammers (CRTC).
- ‘We're with Windows.’ The anatomy of a cold-calling scam.
- Avoiding tech support scams — from Microsoft.
- Listen to a scam computer virus call.
- 15% received a call (22% of those fell for the con).
Don't be the next victim! Just hang up.
If You've Become a Victim
If you become a victim, it will probably take you hundreds of hours and an average of $1,000 to recover from ID theft. Even worse, some innocent victims have ended up in prison because identity thieves have committed crimes in their names.
If you've fallen for one of these scams, don't be embarrassed. If you were the only victim, the crooks would be out of business.
Report the Crime
However, you do need to take some immediate measures to limit the damage, starting with reporting the crime.
Have Your Computer Checked
If your computer was accessed, take your computer to a trusted computer professional to assess the damage. Service personnel can look for the signs of problems but no one can guarantee the computer is clean under these circumstances.
In some cases the computer many need to have a clean install (data backed up, operating system and software reinstalled, data restored) to ensure the computer is not infected.
Change Your Passwords
Your passwords may be compromised. Notify the companies involved and immediately change ALL your passwords.
Notify Financial Institutions and Police
If you provided a credit card or banking details, you'll need to immediately notify those financial institutions.
Notify the police to report the potential identity theft and contact the Canadian Anti-Fraud Centre at 1-888-495-8501 to report that you've probably become the victim of identity theft.
Microsoft issued a warning on tech support scams:
- Be wary of any unsolicited phone call or pop-up message on your device.
- Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.
- Do not call the number in a pop-up window on your device. Microsoft's error and warning messages NEVER include a phone number.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- If skeptical, take the person's information down and immediately report it to your local authorities.
Error Messages with Phone Numbers
NEVER call phone numbers listed in error messages. Instead call your local tech support person or hire me.
Legitimate Errors Lack Phone Numbers
Microsoft's warnings will NEVER include a phone number. Neither will Mozilla's.
If a recovery phone number is displayed, you're seeing a scam. NEVER call that number.
Unexpected Error Messages
Unexpected error messages like these or dire warnings are NEVER legitimate. They are generally malware designed to trap you into expensive service contracts that are scams.
More About Suspicious Popups
Beware of suspicious warnings or popups on websites and on your computer.
- You suddenly hear an audio-based warning that your computer has been infected. There doesn't seem to be any solution other than to follow the instructions.
- A website reports that your Windows licence key has been corrupted.
- A red box popup up stating that there is a Firefox critical error telling you to call a number.
- A blue screen appears stating that Microsoft Windows has detected some suspicious activities on your computer, listing an error code and a support number.
If you're having difficulty closing a popup, see popup warnings that won't go away for solutions.
Remote Infection Detection Unlikely
There is no current technology for websites to determine if your computer is infected with malware or viruses.
However, Microsoft and other agencies may run “honey-pot” programs that collect information about spam emails.
If your email is involved, they are unlikely to call or email you (they may disable your account at the server level).