Scamming by Phone
Identity theft information is contained on three pages:
- Identity Theft: obtaining information by deceit
- Phone Fraud: scamming by phone (this page)
- Phishing: email scams
Phone and email scams have a lot in common.
They use volume, aggression and sophistication to achieve their goal of taking people away from their money. Their entire approach is to cause harm, cause fear and get people not thinking, get them reacting and not in control. — Times Colonist
Report Identity Theft
If you have been a victim of identity theft (or suspect you have), contact the police to report identity theft.
Don't let embarrassment keep you from talking to the authorities. If you were the only victim, identity theft would not be a growing problem.
The sooner you report the potential identity theft, the sooner you can begin to resolve the issue.
Fraudulent Phone Calls
There are two general ways that the phone is used in perpetrating scams and identity theft:
- phone calls attempting to con the person answering into providing information, funds or access to their computer; or
- fake error messages listing a phone number to call for support.
Both are attempts at identity theft using the telephone.
From bogus “computer support” calls to “free” vacations to fake charities to unexpected “government” calls threatening arrest, scams are perpetrated on innocent victims every day.
Phone scams are no joke. Scammers target millions of Americans every year via robodialers and many people fall victim as they are threatened with arrest warrants or guaranteed free vacations. — CallerSmart.com
These Callers are Thieves
The purpose of their call is to steal from you — your money; your identity; your trust. Learn how to protect your identity.
When someone approaches you, remember they always want something. — Frank Catalano
Don't be the next victim! Don't engage the caller. Just hang up.
Let Unknown Numbers Go to Voice Mail
Fraud experts recommend that you let all unknown numbers go to voice mail, even if they appear familiar. Scammers use fake caller ID to appear to be local callers.
Any of these warning signs indicate that you're probably dealing with a scammer:
- A “computer support” call telling you that your computer is infected.
- They tell you to use the “Windows” key in combination with another key to navigate your computer.
- A call offering a better credit card rates.
- A call offering a special discount or an unexpected prize.
- A call from a “CRA officer” stating you're about to be arrested for tax fraud.
- A call telling you your Social Insurance Number was flagged.
- A call telling you that large purchases have been made to your credit card.
- Most robo-call offers.
Just Hang Up
Don't respond. Just hang up.
The Caller Has No Authority
You don't need to fear these calls.
One lady was scammed for thousands of dollars because “the caller told me I couldn't hang up.”
If there was a warrant for your arrest, the police would be at your door, not having a “CRA officer” or “police officer” call you.
Callers Need to Prove Their Identity
Be wary of any calls you didn't initiate.
If YOU contact your bank or credit card company, they need information to identify you. This is normal. Just be sure you obtain that contact number from a trusted source such as a recent invoice or statement.
However, if you DIDN'T initiate the call using a reliable source for the phone number, the caller has no right to expect you to provide such information.
Don't Provide Information
NEVER either confirm or provide any information to an unknown caller (especially when asked to prove who you are).
- Never give out personal information
- Never give out your Social Insurance Number (SIN).
- Never confirm or correct information.
- Never provide credit details or a credit card.
From a financial perspective your tax information as well as your entire credit profile including your history and credit score and connected to your SIN. — Toronto City News
Recovery of a lost SIN is difficult and doesn't prevent the older number from being used fraudulently.
Never give any personal information, such as a Social Security number, to a caller unless you're positive he or she is a legitimate representative of a company with which you regularly do business.
If there's any question, ask for the caller's full name, title and department and tell him or her you'll call back.
Use the business's phone number as posted on its website or, better still, on any snail-mailed statement or correspondence you've received from the company. — ZoneAlarm Security Blog
Be wary when calling back a missed number, particularly if it only rang once. Calls to “regular” numbers in certain (mostly Caribbean) countries can be treated like 900 “pay-per-minute” numbers.
Credit Card Scams
Credit cards are involved in most of these scams in one way or another. They'll try to either scare you or use greed to cause you to respond positively rather than question their authenticity.
- Even though they've called you, they'll request that you provide your credit card details, name, address, etc. “to prove who you are” (and enough to be able to either use the card or establish credit in your name).
- Remember, they called you.
- These calls usually mention both VISA and MasterCard. Most financial institutions only offer one or the other.
- There is a relatively new credit card scam where the automated call says there are suspicious charges on your card. Usually fairly large purchases are mentioned.
Remember, these are seldom legitimate calls. Thieves are trying to con you into giving up your credit card details.
These calls begin by telling you that you've won a lottery or some other significant prize. But there's a catch: you need to pay shipping and taxes or other fees before the prize is delivered.
- Prizes are not taxable in Canada and there should never be any shipping or handling fees regardless of where you live.
- It is highly likely that you won't remember having entered the named contest or even know about it.
Similarly, any special discount would not involve shipping or other fees.
CRA and Threats of Arrest
This is a particularly scary call. A person identifying themselves as a CRA officer states that you owe a great deal of tax and a warrant is being issued for your arrest unless you can pay the officer.
The Canada Revenue Agency will never call and use nasty language or threaten a customer. They will also never ask for credit card information, personal information by email or text, or request your social insurance number or ask for bank account information. — CTV News
Callers Need to Prove Their Identity
- You would be notified by mail of any amount outstanding on your taxes long before this point.
- Police officers would be at your door rather than someone calling you if there was a reason to arrest you.
- You would be notified by mail of any amount outstanding on your taxes long before this point.
The newest variation appears to be calls from your local police threatening arrest.
Scammers have defrauded Canadians out of tens of millions of dollars over the past decade pretending to be collecting back taxes with the Canada Revenue Agency — but police are warning of a new twist on the old scam.
The scammers are pretending to be officers with local police forces, investigators said.The thieves are also using caller ID spoofing so it looks like the call is coming from a police phone number. — CTV News
“Can You Hear Me?”
Your response to “Can You Hear Me?” or similar questions can be recorded and used as “proof” you ordered a product or service.
I answered the phone. They said: "Hi my name is Matt on a recorded line and I'm with Health Source. Can you hear me okay?" I said: "Yes" They then hung up. — as reported to BBB.org
These are known scam techniques. Don't respond; just hang up.
- They call early in the morning or late at night (when you're less alert). This is illegal in Canada.
- They request that you confirm your account number or other details.
- They ask for remote access to your computer or to download and install software.
- They use a transfer of trust by saying they are with a well-known agency such as Microsoft, the CRA or IRS.
Remember, they called you! so it's their identity that is unconfirmed.
For more information, try these resources:
- The Canadian Anti-Fraud Centre lists the most common scams.
- What to expect when the Canada Revenue Agency contacts you.
- IRS tax scams & consumer alerts
- Spot a business or offer that sounds like a scam? BBB Scam Tracker.
- Spot a business or offer that sounds like a scam? Tell the Better Business Bureau about it.
Beware of “Computer Support” Calls
While this section deals specifically with computers, similar motives and techniques are used in other scams including offers to lower your credit card rate and threats of arrest from CRA “security officers.”
I'm calling from Microsoft…
No, they aren't.
If you receive a phone call from a “technical support” person saying that you have a problem with your computer, Just hang up. All such calls are SCAMS.
At first I hung up on this call, then he kept calling so finally I thought maybe this is legitimate. He proceeded to tell me my computer was at a security breach and he would clear it for me. He also said he was from Microsoft and that it would not cost me any charges. After about 3 hours of calling back and forth I ended up $1,999.99 ripped off. — as reported to BBB.org
Globally, about two-thirds of the respondents had encountered a technical support scam. About one in five had been duped -- allowed the scammer to continue his or her story -- and nearly one in 10 had actually given money to the fraudster. — ComputerWorld
Telephone scams return around $470 per call. Thanks to robocalling (automated calling), number finding technology, and fake caller IDs, scammers fool more people than ever before. Given how much money the scam makes, and how little call centers pay (e.g., Indian call centers pay around $2 an hour), your decision to "keep them on the line" really isn't helping anyone. — MakeUseOf
If you have reason to believe the call is legitimate, hang up then look up the number from legitimate source such as a recent invoice or statement from that company or agency then call them back using the number printed on that form.
In most cases, the company won't know what you're talking about and you've just avoided being scammed.
They are Scamming You
The person calling you is undoubtedly more technically adept than most users.
They will attempt to convince you that your computer needs fixing then charge you for this unnecessary “support call.”
Remember, they called you to tell you about problem you weren't experiencing.
All computers run slower over time. The caller will most likely make the problem worse as well as sell you bogus anti-virus software or services. They will, in fact, make your computer less secure.
If they were legitimate and could actually look into your computer to see errors, they could have fixed it without calling you. Instead, they are scamming you.
The caller will attempt to “prove” they are legitimate by getting you to visit their website. Don't!
These callers are criminals regardless of what their website indicates. Most (but not all) are located in Asian countries where the lack of consumer protection and fraud laws make prosecution difficult or impossible.
I once told one caller that if they called back in a half-hour I'd have a website “proving” I'm the king of Siam. They never bothered calling back.
One trick is to have the victim click on the Windows Key + R keyboard combination to bring up the Run command, then have them type in “msconfig” (they'll spell it out) to open System Configuration then click on the Services tab:
They scammer will point out the stopped Microsoft services, calling these “errors” and telling you that your computer is about to crash.
These stopped services are NORMAL, but most users are confused by the use of the keyboard commands and immediately feel out of their depth.
They Want You to Panic
The use of this intimidating technique is intentional. The caller wants you to panic so that you follow their advice without thinking about it.
Keyboard Combos Intentional
Now they'll get you to enter the same Windows Key + R keyboard combination, then www.google.com (which opens Google) and have you search for an older (insecure) version of TeamViewer.
Designed to Confuse
This is different that the way most users would approach a search by using their mouse to open their primary browser then enter a generalized search term that would bring up a current version of TeamViewer. Again, this is intentional and designed to confuse you.
NOW They Have Access to Your Computer
When installed, this insecure (vulnerable) program will provide the caller with remote access to your computer.
This older program lacks any of the newest security measures which makes your computer vulnerable to their attack on your system.
They Don't Know You
Remember, the caller has no advance information about your computer. All they have is their bag of tricks to try to scam you and access to your social media (watch what you post!).
- Never provide remote access to your computer via TeamViewer or any other product based upon a phone call, email or any unexpected popup warning on your computer.
- Never follow instructions to navigate to folders or type any instructions via your keyboard.
- Never provide nor confirm any personal or computer information (including passwords, software versions or serial numbers, credit card numbers, etc.).
- Never visit websites or install software suggested by the caller.
Your best option is to hang up without saying goodbye and without following any of their instructions.
Providing Remote Access is Dangerous
My policy is to disable remote access for my clients and not provide remote service exactly because of these vulnerabilities.
Remote access or unknown software can allow the remote user to do ANYTHING on your computer, including installing nefarious software or stealing your personal information.
If you follow their advice, you'll waste your money on software that won't help protect your computer. Worse, it will likely make your computer more vulnerable and you'll become a victim of identity theft and credit card abuse for which you'll foot the bill.
Don't be a victim! Just hang up.
Cleanup is Costly
Many people of all ages have fallen for these scams, and the schemes are getting more complex. If you encounter one, don't panic. Stop and think it through.
Microsoft estimated the cost of cleaning up after a successful scam at $875.00 (and that was in 2011). More on these sites:
- Report a technical support scam to Microsoft.
- 7 steps to take right after a data breach.
- Stay Safe Online's blog has tips and news about keeping your computer and family safe online.
- Tech support scams — from Microsoft.
- Protect yourself from tech support scams.
- Cold call tech support scams increasingly common.
- How to protect yourself from scammers (CRTC).
- ‘We're with Windows.’ The anatomy of a cold-calling scam.
- Avoiding tech support scams — from Microsoft.
- Listen to a scam computer virus call.
- 15% received a call (22% of those fell for the con).
Don't be the next victim! Just hang up.
If You've Become a Victim
If you become a victim, it will probably take you hundreds of hours and an average of $1,000 to recover from ID theft. Even worse, some innocent victims have ended up in prison because identity thieves have committed crimes in their names. — Scambusters
If you've fallen for one of these scams, don't be embarrassed. If you were the only victim, the crooks would be out of business.
Report the Crime
However, you do need to take some immediate measures to limit the damage, starting with reporting the crime.
Have Your Computer Checked
If your computer was accessed, take your computer to a trusted computer professional to assess the damage. Service personnel can look for the signs of problems but no one can guarantee the computer is clean under these circumstances.
In some cases the computer many need to have a clean install (data backed up, operating system and software reinstalled, data restored) to ensure the computer is not infected.
Change Your Passwords
Your passwords may be compromised. Notify the companies involved and immediately change ALL your passwords.
Notify Financial Institutions and Police
If you provided a credit card or banking details, you'll need to immediately notify those financial institutions.
Notify the police to report the potential identity theft and contact the Canadian Anti-Fraud Centre at 1-888-495-8501 to report that you've probably become the victim of identity theft.
Microsoft issued a warning on tech support scams:
- Be wary of any unsolicited phone call or pop-up message on your device.
- Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you.
- Do not call the number in a pop-up window on your device. Microsoft's error and warning messages NEVER include a phone number.
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- If skeptical, take the person's information down and immediately report it to your local authorities.
Error Messages with Phone Numbers
NEVER call phone numbers listed in error messages. Instead call your local tech support person or hire me.
Legitimate Errors Lack Phone Numbers
Microsoft's warnings will NEVER include a phone number. Neither will Mozilla's.
If a recovery phone number is displayed, you're seeing a scam. NEVER call that number.
Unexpected Error Messages
Unexpected error messages like these or dire warnings are NEVER legitimate. They are generally
More About Suspicious Popups
Beware of suspicious warnings or popups on websites and on your computer.
- You suddenly hear an audio-based warning that your computer has been infected. There doesn't seem to be any solution other than to follow the instructions.
- A website reports that your Windows license key has been corrupted.
- A red box popup up stating that there is a Firefox critical error telling you to call a number.
- A blue screen appears stating that Microsoft Windows has detected some suspicious activities on your computer, listing an error code and a support number.
If you're having difficulty closing a popup, see popup warnings that won't go away for solutions.
Remote Infection Detection Unlikely
There is no current technology for websites to determine if your computer is infected with malware or viruses.
However, Microsoft and other agencies may run “honey-pot” programs that collect information about spam emails.
If your email is involved, they are unlikely to call or email you (they may disable your account at the server level).