Phone Scamming: Alive and Well

I've heard reports recently of specific social groups being targeted for scamming.  I hadn't paid much attention to it really until recently.  I was targeted as was my Grandmother and Uncle.


I have a friend and colleague that recently took a trip to the islands.  Upon his return I received a phone call from that island.  I don't recall if it was the very next day or not, but it was definitely within a week.  Whomever or whatever targeted me had coincidence on their side for sure.  I did not return the call before asking him if he had given my number to the person he had left behind.  When he said he did not, I knew to ignore the call.  There was no reason anyone from Aruba, Grenada, or any other island should be calling me.  Turns out that shortly thereafter I got wind of this scam.


My grandmother was targeted by something different, the Grandparent Scam.  She was contacted over a land-line by a voice that said nothing more than, "Grandma, I'm broken down and I need some help.  Can I have your credit card number and expiration date?".  While I don't believe most elderly would fall for this scam, I certainly know some that would.  Mine did not.


On the overseas scam I mentioned, I know the people targeted are those that for whatever reason are curious and call back whomever called them, regardless of where the call came from.  On a personal note, I think this is ridiculous and absurd if the call is outside the U.S. and you have no worldly affiliations.  However, what if that call came from someplace within the United States?  A smart hacker would better their odds at targeting the audience.  Populous Maps show you that California, Texas, or pretty much any state east of the Mississippi would increase the odds that someone might call back because they could conjure a reason someone might have called them from those locations.

The Grandparent Scam is targeting the elderly and exploiting two major aspects of them.  First that they are old, concerned, and easy to dupe.  Secondly that they are oblivious to the potential results of handing over information.  But how do you target such a group?  Random phone calls are luck of the draw.  Here are a few ways.  Libraries house old newspapers on microfiche.  Remember that stuff?  One method might be to create lists of people based off of old graduation announcements from high school classes between years x and y to create an audience of everyone over age z.  Another avenue might be to target area codes where there is a high number of retirees.  I'm sure there are many ways.  My purpose isn't to tell anyone how to hack or scam the elderly, but rather to increase awareness that they can be hacked or scammed.

This brings about an interesting point.  As security professionals we understand the importance of a security awareness program.  We help enforce the concept at work, but how many of us exercise this in our own homes, amongst family members, and toward other peers who are oblivious to external threats.  I'm sure those of us that are married and/or have children have at least trained our immediate family members.  It's those outside of that realm that I'm concerned about.  After all, current technology and exploitation far exceeds what our elderly are familiar with.  It is up to us to protect not only them, but everyone through awareness.