The U.S. Securities and Exchange Commission (SEC) numerous warnings Over the years against scammers trying adopt one’s identity SEC management, including phone spoofing.
Call spoofing is when a scammer calls a landline or cell phone to claim that they are from Organization X and then reassures them: “If you don’t believe me, check my number.”
behold, when you do, caller ID (as known in North America) or Outgoing Line Identification (CLI, term used elsewhere in the world) The phone is said to come from the official number of X.
evidence… Except it’s not!
The problem here is that the terminology caller ID and CLI The technology is a misnomer because it cannot identify the caller himself or the phone line the caller is using.
It’s not a fact, it’s a suggestion
discrimination real caller This is not possible with regular landline or mobile phones because the phone (or phone system) has no reliable way to identify who is calling or who is speaking into the microphone in the first place.
and even identify Phone number Caller ID data decoded and displayed on the device is unauthenticated and therefore cannot be authenticated, which causes problems with the calling line.
If you can’t authenticate, it’s not really any kind of identification.
In fact, anyone with the necessary skills can insert any desired number into the call signaling process so that almost any number they want can be displayed before answering.
In fact, changing the caller ID to give a completely different number when making a call is still considered legal and useful in many countries.
For example, you might want to call someone from a call center (you can’t redirect calls to an individual employee’s extension anyway), but you might want to mark the call as a toll-free number or central switchboard. All reply phone numbers.
In short, you should think that the sender id or CLI is neither more reliable nor more accurate than the reply-to address on the back of a snail mail letter. The choice is entirely up to the caller.
In other words, if the caller ID shows that the call is not from the person you expect it to be, it’s okay to decide not to trust the call.
But it doesn’t work any other way. It’s not good to trust it because it looks like it’s from someone you expect.
(It is recommended to read each of the last two sentences twice.)
Now for cryptocurrency investors
Well, the SEC recently repeated warning This is thanks to investment scammers who use the SEC’s “phone ID” for spoofed calls to trick the caller into believing that they really represent the SEC.
As you may have guessed, today’s scammers are focusing on today’s hot topic, cryptocurrencies, claiming to be SEC officials who often prefer to warn about “fraudulent” transactions.
We are aware that some individuals have recently received calls or voicemail messages that appear to be from SEC phone numbers. Calls and messages raised concerns about unauthorized transactions or other suspicious activity on the recipient’s checking or cryptocurrency account.
[…]
SEC employees will not engage in unsolicited communications, including by phone, voicemail message, or email, such as soliciting payments related to enforcement actions, offering transaction confirmations, or requesting detailed personal and financial information. I am skeptical of inquiries from anyone claiming to be part of the SEC about your stock, account number, PIN number, password, or other information that could be used to access your financial account.
We also reported that Naked Security readers have received similar scam calls in the UK. The phone had their own bank’s real number, and the scammer (obviously) “identified” himself as the following: I work at a bank.
fictitious trust
Unfortunately, it’s easy and very convenient to get into the habit of trusting or at least relying on the caller ID displayed.
We know of someone who has his own mini-pandemic due to a recent coronavirus outbreak at home (one of the kids got the virus at school and the whole family is infected at the same time).
Everyone in the family received tracking and tracking calls triggered by everyone else in the family…
.
But later they realized that the effect of this was to “teach” them all (or perhaps “naively misguide” is a better term) to trust the incoming caller ID more than they had previously tried to do. acknowledged.
What to do?
Here’s a simple approach. Treat your caller ID name or number like an unwanted weather icon that asks you to keep showing it on your phone even if you’re already out there.
Often they are right or partially right. Sometimes they are wrong and even badly wrong. But they are by no means decisive.
You can also take an umbrella when you see the rain cloud icon. Instead, when the sun comes, you can at least use it as a parasol.
But don’t leave your umbrella behind simply because you saw the icon of the shining sun. that icon is proposal; Not like that evidence Anything.
Most importantly, if a caller invites you to see your caller ID number to prove your authenticity…
…You can be 100% sure right away that they are lying.. (It’s better to just end the call once and for all without further ado.)
If you need to contact your organization by phone, use the phone number to find your own way.
- from trusted documents like the back of a credit card
- In the letter you received when you signed up, for service, or
- as indicated in one of the branches or offices Information about the company itself.
(We checked with one of the uniformed staff in the branch that the information was up-to-date, and then took pictures of Woori Bank’s various official helpline numbers on a signboard at a nearby branch.)
And remember our most important anti-fraud advice to protect your privacy. If in doubt, do not provide.
.