April 20, 2014

avatar

A curious phone scam

My phone at work rings.  The caller ID has a weird number (“50622961841″ – yes, it’s got an extra digit in it).  I answer.  It’s a recording telling me I can get lower rates on my card (what card?) if I just hit one to connect me to a representative.  Umm, okay.  “1″.  Recorded voiced: “Just a moment.”  Human voice: “Hello, card center.”

At this point, I was mostly thinking that this was unsolicited spam, not a phishing attack.  Either way, I knew I had a limited time to ask questions before they’d hang up. “Who is this?  What company is this?”  They hung up.  Damn! I should have played along a little further.  I imagine they would have asked for my credit card number.  I could have then made something up to see how far the interaction would go.  Oh well.

Clearly, this was a variant on a credit card phishing attack, except instead of an email from a Nigerian dictator, it was a phone call.  I’m sure the caller ID is total garbage, although that, along with the demon-dialer, says that the scammer has some non-trivial infrastructure in place to make it happen.

So, the next time one of you receives an unsolicited call offering to get you lower rates on your card, please do play along and feed them random numbers when they ask for data.  At the very least, there’s some entertainment value.  If you’re lucky, you might be able to learn something that would be useful to mount a criminal investigation.  Maybe half-way through you could suddenly have an important meeting to get to and see if you can get them to give you a callback phone number.

Update: reader “anon” points to an article from The Register that discusses this in more detail.

Comments

  1. troy says:

    happened to me a couple of weeks ago.

    wilsonville, oregon

    • Monica says:

      I get series if emails on a regular basis about a Sierra leonian who deposited £xx millions in a bank and looking for someone to help claim the money.

      I do agree in with you on voting for random digits.

      Be careful how you share your bank accounts and current accounts details online or strangers.

  2. Bryan O'Sullivan says:

    That’s a phone number in San José, Costa Rica.

  3. Matt says:

    For months now, I’ve been getting calls in a similar format (spoofed/null ANI, recorded message with no company identification, “Press 1 to speak to a representative”) with several different hooks, including auto warranties, vacation packages, and cameras (in Spanish). Sounds like credit card rates are another variant.

    I recommend filing a complaint with the FCC. Calling with a recorded message that doesn’t identify the company or provide a legitimate contact number is specifically illegal.

  4. JEF says:

    I have been getting the exact same calls every single day. I kept pressing “2″ to get off of the calling list, but it didn’t seemed to matter. I would still get calls the next day. I finally pressed “1″ to ask the name of the company and they hung up on me too.

  5. Dan Simon says:

    A couple of years ago, I got a voice mail message claiming to be from a credit card company I have a card with, asserting that there was a problem with some charge on my account, and asking me to call an 800 number to sort things out. (Interestingly, the caller ID on the message was the legitimate phone number of the credit card company’s customer service center, which is different from the 800 number they asked me to call.) I called the number on the back of my card, and was told that there was no problem with my account, and that I should simply ignore the call. (I offered to give them the 800 number I was told to call, but they weren’t interested.)

    This was a considerably more sophisticated phishing attack than the one you describe, and I’m actually surprised that I haven’t heard of (or experienced) lots of examples of this attack since then, because I’d have assumed it to be quite effective when targeted at random credit card customers. Is it old hat by now? Or did it never really take off, for some reason (and if so, why)?

  6. Dan Wallach says:

    I like your variant on the attack. From the attacker’s perspective, they might get a lower hit rate (“but I don’t even have a Chase Visa card”) but the hits they get are more likely to bite (“oh no, not another call from Chase”).

    This isn’t too far off from a common theme I see in my spambox, i.e., sending you an email requesting action of some sort or another, and sending it “from” every possible bank or credit card vendor. The downside of this strategy is that it leaves a callback number which provides an important hook for later criminal action, versus the lack of hooks that I have to chase down on my case.

  7. Jorge says:

    506 is the country code for Costa Rica. In CR there are no city (or area) codes, and we have 8 digit phone numbers. All land line numbers currently start with “22″ (it was a recent change to 8 digits). “2296″ is a valid exchange. I believe it is in Aurora de Heredia, a town that has a lot of call centers.

    Does your caller ID work for international numbers?

    I can find who the line is registered to through the phone company’s online payment system (it is down right now). Email me if you want me to.

  8. Jorge says:

    Sorry, all land line currently start with “2″, not “22″

  9. Dan Wallach says:

    I’m still voting for random digits. Normally, if I get an international call, it will have some longer prefix on it, with 011 or whatever. The human voice, to which I briefly spoke, sounded like a standard American English barritone without too much inflection, one way or another.

  10. Kevin Dick says:

    I go through this with my alma mater. A person claiming to be an undergraduate student calls asking me to give to their annual fund. I tell them I will go right to their Web site and donate. They try to convince me to give directly on the phone. I explain the security implications and they promise to raise it to a manager’s attention. Repeat annually.

    Now, I’m 95% sure these calls are legitimate. But what a great social engineering attack it would be. The marks are actually expecting the call because all of the alumni literature has alerted them to the fundraising drive. I doubt 1% of my classmates are as paranoid as I am. Heck, an attacker could even then go online and make the donation in your name. Then they could save the number to use at the most opportune moment.

  11. Michael Donnelly says:

    Wow, I got the call literally minutes ago. They must be demon dialing or going through a known list. Mine started with “Don’t be alarmed, but you could save a lot of money…” before I hung up.

    I thought nothing more until I saw this article.

    Mine was from +50622798105.

  12. Devonavar says:

    I’ve been receiving this about once or twice a week for about a year now. Stubborn bastards won’t give up. I don’t know how to get rid of them. Sometimes I get that weird 8-digit thing, other times I get 000000, but it’s always something weird. I’m pissed off … they waste my minutes, leave messages on my voice mail and call at awkward hours.

    I’m in Canada btw, so the problem isn’t isolated to the US.

  13. mgp says:

    Here’s how I avoid getting sucked into scams like this. I simply look at caller ID before I answer the phone. If I don’t recognize the number, I don’t pick up. Hell, depending on what I’ve got going on, I sometimes don’t answer even if I DO recognize the number. (That’s what voice mail is for.)

    On a separate note, I’ve got a company (maybe two) calling me on my cell phone. I’ve called them twice and asked them to take me off their list. I still get the calls. I’ve answered twice and asked them to take me off their list. They still call every day. The numbers are 800-724-9586 and 800-607-8991. They’re both registered to some Auto Warranty Dealers or something like that. Anyway, here’s my little way of getting them back. Every Saturday and Sunday, when I go get coffee, there are two payphones nearby. Before going in for coffee, I pick up one phone, dial one number, and let the phone sit off the hook. I pick up the other phone, dial the other number, leave it off the hook. Go get coffee. Come back, repeat. Because they’re 800 numbers, they have to pay the pay phone company for every incoming call. Not only do I do that every weekend, I do it just about anytime I pass a payphone and have 10 seconds to spare. To me, it’s worth the extra minute or two I spend doing it. Payback is a biotch and I can be one, too. :-)

  14. Shii says:

    Here’s how I avoid getting sucked into scams like this. I simply look at caller ID before I answer the phone. If I don’t recognize the number, I don’t pick up.

    I have a message from your mother, she has a new cell phone and has been trying to call you for several months.

  15. Mike says:

    I’ve gotten the car warrently call ( I own a ’85 and an ’87) and the credit card call too:
    “You could lower your interest rate to as low as 6.5%”

    On a Visa debit card… Brilliant!

  16. Lawrence D'Oliveiro says:

    To those wondering about international numbers which have US-style area codes:

    http://www.nanpa.com/

  17. David B says:

    I was called by 50622798105 and the exact same thing happened to me. I had a prompted message press 1 to take advantage of an offer to reduce the APR on your credit cards, It is the last day of this offer (to give a little urgency) or press 2 to disconnect. I pressed 1 and a woman told me she worked for an outside agency my credit card contacted to reduce my APR. She asked how much debt I had (I was curious so I lied). She also asked on how many cards it was on and how much on each card. I made up some fake answers. She mentioned that she could reduce the APR on several different cards. I found that hard to believe. She then gave me my last name (“I want to make sure I am talking to the right person. Is this Mr. *****?”). I verified. Anyone can get my last name and phone number. I wasn’t convinced. It must have been a ploy to try to convince me they were the real deal. My phone either dropped the call or she hung up. How annoying. These people need to be prosecuted.

  18. LORD VASSAL says:

    i received that call today at 12 18 pm ohio time. i missed the call. no message was left. obviously i was quite curious who this was. with an 11 digit number i was curious who called. i called back and got a recording. it said something along the lines of … the client you are trying to reach is currently unavailable please try again later and then it repeated in french. im positive it was french i kept calling back and showed it too several people it the second part was in fact in french. the recording kept repeating english french english french until I hung up. maybe my call was different i dont know but it happened on september 10, 2008. i kept calling backing hoping someone would answer. but the same recording kept playing soo i started talking to the recording and every time i said something when i would end a statement of great inportants it would cut off and not end but would say call failed. i felt as though some one listening behind the recording. it was extremely eerie. every time i would talk the length of the recording would be different it coexisted with what i was saying when i would stop talking the call would end. i called several times. it cut me off sometimes as if the person needed a break couldnt handle anymore i dont really know.someone was listening tho and i must know who it was, all though i do believe i already know.

  19. VASSAL says:

    God have mercy on us all.

  20. p.s. says:

    the number that called me was different than the one listed above at the top of the page. same 5062 tho. dont want to list the number. no one else needs to try and call it.

  21. p.s. says:

    nothing about anything financial or credit card related was ever said.

  22. mgp says:

    [b]Shii Says:
    September 10th, 2008 at 9:53 pm
    Here’s how I avoid getting sucked into scams like this. I simply look at caller ID before I answer the phone. If I don’t recognize the number, I don’t pick up.[/b]

    [i]I have a message from your mother, she has a new cell phone and has been trying to call you for several months.[/i]

    Thanks. But I talk to my Mom enough to know if she were even contemplating getting a new cell phone. Also, in case you haven’t heard, a law was passed a good number of years ago where you can use the same phone number even when you switch companies. It’s called Local Number Portability or LNP. You REALLY should get out from under your rock more often. ;-p

  23. Dave Provine says:

    For me, if the CID is not ten digits, Asterisk asks for a real number. If it’s zeros or something else bogus, Asterisk asks for a real number. If they don’t manually enter a real number, it gets dropped. If it’s on the blacklist, it gets dropped.

    Checking the logs shows that I get several blacklisted number calls per day that never ring the phones and never bother me.

  24. Laura Felten says:

    Dan,
    We’re on the same wavelength, just last week I actually made some progress on this exact problem by playing along…

    I decided to play dumb–really, really dumb. I told the operator, “Wow, this sounds really interesting! Which of my credit cards is this for?” He wanted to know which cards I had. We had a long cat-and-mouse game where I told him I wasn’t sure what my interest rate was, I couldn’t remember who issued the cards (but would recognize it when he said it), and didn’t know how often I paid off my balance, etc. At the end of almost every “confused answer” I’d give him, I’d ask some ditzy question which was designed to either keep him on the phone or actually get some information out of him. Sometimes I just got a question in return, but he was hooked enough to feed me bits of info to keep me on the line too.

    He said he “works for Card Member Services. You know, the phone number on the back of your credit card? That’s who I work for.” He also said that he wasn’t offering me a new card, just a lower rate. I got him to verify those two things a couple more times. Then I told him to take me off his list and he was gone before I finished the sentence.

    I called the Card Member Services phone number on the back of my card. She thought it sounded like the umbrella MasterCard & VISA companies, who do have telephone solicitors. She gave me a reputable phone number to call to have my phone number taken off the list, (six-to-eight weeks, at least, to take effect) and made a notation in my account records.

    One interesting this is that he never asked me for an account number or any other personally identifying information; but he wasn’t offering up anything to convince me that he knew who he was talking to–didn’t even use my name.

    Good luck with the hurricane!

  25. Anonymous says:

    This scam is just trying to get your credit card number. However, if you decide to play along, you have to do some research because there is a structure to a valid 16 digit credit card number, including a major industry identifier at the beginning (4 = Visa) and a checksum digit at the end. My operator tried to verify the number I semi-randomly spouted twice and even got her “supervisor” on the line when the number kept coming up invalid. I guess they were trying to charge something to validate the number I gave them, but it wouldn’t go through. Go figure! They hung up when I started to laugh at their next question.

  26. Anonymous says:

    I get this call about 2 times a week. Today I got a bit sarcastic when the guys answered and said “I understand this is my last chance to lower my interst rates!” at that point he called me a smug little bitch repeatedly. When I asked to have my number removed he said he wasn’t authorized to talk with me that he had to talk to my husband. I said that wouldn’t work for me. He hung up on me. I need to remember to remain calm and maybe I can get some information from them. Very aggravating

  27. Anonymous says:

    I don’t have caller ID (gasp) so it’s just hopeless. I was getting these a ton all summer, but less now. I have to break down and get caller ID at some point because I REALLY want to gather enough data to nail these people. There were times when they were calling me several times a week. I used to press 2 to be taken off the list, but since that never worked, I’ve taken to pressing 1 to try to dig info out of them. Sometimes they call saying my vehicle’s warranty is expiring, sometimes they say it’s “Financial Services” (and claim that’s the name of the company), sometimes it’s been about home mortgages (this was prior to my keeping a log of each call).

    I’ve noticed one odd piece of data. One of the few times that they didn’t hang up on me when I asked the company’s name, I kept playing along and asking for more info, and the agent volunteered (with some pressing) that they were located in something that sounded like “Aphaia, Georgia.” Today, when I got a call claiming my car’s warranty is just about to expire (it expired years ago), the agent identified herself with the same mumble — it may have been the same agent — giving a name that sounded like “Aphaia” or “Avea”, which is what I’d written down until I checked back through my log file. Evidently it’s a non-word they’ve been using to brush aside questions. This time she hung up as soon as I said cheerfully, “Hi, I’d like to know the name of the company that’s calling!”

    They are wasting thousands of hours and are probably succeeding in scamming some people. I want them brought down!

  28. Anonymous says:

    I just got the same call a minute ago from 50622114596 on my cell phone. I got the recorded message, pressed one to be sent to an operator and was answered with “client services, how can I lower your credit card rate”. When I asked “I am sorry, who am I speaking with” she said “CLIENT SERVICES, I already told you” with such defensive anger, I was actually a little surprised. She wasn’t even going to pretend this might work out in her favor. When I said. “Who are you people?” she said, “we work with Visa and Mastercard to lower your rates” and then I said “please just stop calling me” and she said “N.O.” spelling it out like a two year old. I asked to speak to someone else and she responded “N.O:” to which I responded something about her pathetic existance and how did she feel about scamming poor working people for living and only making minimum wage. The one piece of information she did gave me (true or not) is that she claimed to make “a whole lot more money than I did.” Maybe you do when you are a total thief.

    This enrages me that this is happening, wasting my time and my cell phone minutes and that people in desperate financial situations may fall for this. I hate having no recourse.

    I guess all you can do is warn others.

  29. Anonymous says:

    +506 2292 4146 called today.
    Same “we work with Visa and Mastercard to lower your rates” line. Hung up after asking what company do you work for.

  30. Anonymous says:

    The first guy was Chris. He hung up immediately. Both guys were American.

    These guys called my cell phone and my home phone. The guy who called me at home said that he got my info from Experian, a large company who issues credit reports. He said he was in Orlando, FL. I have no idea if that is correct. Lets nail these guys. I called my local police and talked to an officer who sounded interested in it.

  31. Luc says:

    Just got this for the first time today. Better late to the party than never. I’m overjoyed by the prospect of getting these phones calls several times a week.

  32. Anonymous says:

    First a recorded female voice saying “Do not be alarmed, but we would like to lower your interest rate. Press ’1′ to lower your interest rate.” or something like that.

    After pressing 1 I was connected to “Tamara” who wanted to know my name. I asked what company she worked for and very defensively said “Client Services”. She again asked for my name and I asked her exactly what she wanted. She said “did you press 1 to lower your interest rate?”

    I said “Lower my interest rate on what?” at this point she was getting outright angry and said “on your credit cards!”. Of course I had to ask “which credit card” and she hung up.

    I remained calmed and polite through the call, but it was surprising how quickly the woman got defensive and angry — it was obvious I was wasting her time.

  33. Anonymous says:

    I used VoIP to call several of these numbers, and 50622114596 actually answered. The guy’s english was not bad and he was friendly. I told him that I was looking for Tamara, who left me a message to call her. He volunteered the business name ATH Bank of Costa Rica. When I told him that I think this may be about my Mastercard, he said “Ohhh, can you hold on…”, the call was then disconnected. Most other numbers had a modem answer or were not in service. ATH Bank is a “legit” interbank network, connecting the ATMs of various financial institutions http://en.wikipedia.org/wiki/ATH_(interbank_network)
    This looks like telemarketing turned phishing scam.

  34. Dennis says:

    I had this same thing happen, recieved a few phone calls from +506 22913723 about lower interest rates. unfortunately i did not press one and try to pry info out of these people. I hung up and reported it to the fcc. Is there any way to figure out what telephone company owns that number or if it is spoofed through skype or some other voip service.

  35. Anonymous says:

    I have been getting these calls for the last several months as well.
    The number 506 227 231 40 seems to be different from the ones listed by others but I am assuming since its Costa Rica its probably a similar scam. I keep ignoring it everytime it pops up on my caller ID, no message left by anyone; I refuse to spend money calling it back. The thing I find most interesting is my number is completely private; it doesn’t even appear on others caller ID so I always wonder how people like this get my number. Good luck to everyone; I say just ignore it and don’t give them any of your time or energy. Best.

  36. Anonymous says:

    Had a guy call from “Client Services” named “Tom Philips” to reduce my interest rates.
    Got angry when I questioned the company name. He then asked for the last 4 digits of of pnone number “to look me up”. When I refused he hung up.
    Also had calls regarding the expiration of the extended warrenty on my vehicle. It doesn’t expire for two years.