December 4, 2018

Good day, welcome to another bulletin from Breaking Scams…

Scam, just in…

We often talk about phishing in our blog here at The Defence Works. Phishing is the scourge of us all, both as individuals and as business owners. Symantec found that in 2017, users were having to deal with about 16 malicious emails per month. But it isn’t just spoof emails that we need to watch out for, phishing comes in many forms, and the latest BT scam is a version of the voice variant of email phishing, also known as “vishing”.

 

Vishing is not new, but like many other scams it does the rounds and seems to come in waves. In a recent survey, 45% of organisations were affected by phishing carried out via phone calls or text messages. Vishing is part of the general ‘bag of tools” that scammers use against us.

 

The BT scam vishing campaign has been around for a few years and has been rearing its head again in the last couple of months. Earlier versions of the scam would be aggressive, stating that you:

 

“had not paid your bill”

 and

 “unless you paid immediately over the phone”

you would be

 “cut off”.

 

In similar BT scams, the call received is an automated voice (“robocaller”) asking you to “press a button to connect”. This action then connects the person receiving the call to a premium rate line which charges them an extortionate amount of money.

 

In the latest spate of vishing, British Telecom (BT) was again used as the trusted brand name to trick users into giving out information. A recent attack against a Bournemouth man ended in £4,635 being taken from his account. The spoof phone call the man received, seemed very plausible. The whole conversation was staged to sound like a real BT call, the man being passed between departments like you would in a normal conversation with the company. No aggression was shown; instead, this was a smooth operator at work.

 

Like its email counterpart, vishing replies on certain tricks of the trade, the scammers:

 

  1. Pick a brand that is well-known, like British Telecom. This lulls the victim into a false sense of security where they feel the brand is trusted so it must be real.
  2. Might use a sense of urgency, like the “pay up now, or else” BT scam.
  3. May use more sophisticated techniques, including creating the ‘feel of a real call’ as the man from Bournemouth experienced. This is part of building up the trust needed to take the user through to the ‘sting’ where personal and/or financial details are extorted.

 

Scammers, whether phishing, vishing or SMSishing (text message scams) are always trying to keep ahead of their target. They will play clever tricks, use trust and well-known brands, to try and execute their scam. We all need to be aware of what is happening in the world of the scammer to stay one step ahead.

 

Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:

BT Scam what to watch out for:

There has been a sharp increase in reports of a BT scam that is doing the rounds – it’s not a new one, but seems to have reared its ugly head again!

Watch out for a scam where the scammer will pretend to be from BT and may ask about your phone bills, your Internet connection or computer. The scammer is after financial or personal details. They may sound very plausible.

BT will never ask for remote access to a computer. They will also never ask for payment by email or via live chat. Similarly, they will never ask for payment via PayPal or money transfer sites. And, they will not send anyone to your home to collect payment. Never give out bank account login credentials to anyone purporting to be from BT.

If you are called by an automated voice call and asked to press a button to connect, DO NOT press the button – you could be billed a large amount of money.

You can report a BT scam call using this link: https://www.productsandservices.bt.com/consumer/edw/scams/

 

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

Share this: