For security, we have to stop picking up the phone | TechCrunch
How do you know that the person on the other end of a phone call is really who they say they are?
Earlier in July, a Ferrari executive was flooded with a barrage of WhatsApp messages that appeared to come from his boss, the carmaker’s CEO, Benedetto Vigna. But the Ferrari executive didn’t recognize the number, and he couldn’t be sure it was really his boss.
Suspicious of the flurry of messages from the unknown number, the Ferrari executive still took a call with the person who claimed to be Vigna. Despite the fact that the purported CEO had Vigna’s southern Italian accent, the executive still felt something was off, so he asked the caller something only Vigna would know, something the two personally discussed days earlier.
“Sorry, Benedetto, but I need to identify you,” the executive said. And then the call abruptly ended, and a potentially colossal fraud was avoided, as reported by Bloomberg earlier this year.
If you think the Ferrari executive is a rare edge case for scammers, think again. For as long as we’ve had telephones, there have been people trying to trick someone into thinking they’re someone else. Now, as with the case of the attempt against Ferrari, voice AI tools make it so that scammers can clone someone’s voice and trick victims into thinking they’re talking to another person.
All of these attacks involve the phone, or rather, picking up a phone call. Once you pick up the call, scammers and fraudsters can use tactics designed to pressure and force you into acting quickly and hastily in a high-stress situation.
You’ve probably heard of some of these scams already.
Look, the police (or the feds) are not going to call you to claim that “you have a warrant out for your arrest” or to demand a payment to invalidate the warrant. If there is an arrest warrant out for you, the police won’t leave you a threatening voicemail; they will come to your house.
It’s unlikely that your healthcare provider will call you to demand payment over the phone without first sending you a letter or a paper bill. The FBI says that healthcare fraud can affect anyone and ranges from scammers impersonating healthcare providers to fraudulent claims that you owe a balance on a nonexistent bill.
And, yes, you actually should be wary of the person on the other end of a phone call who claims to be from your bank, or from your workplace, or from an online tech company calling you to “verify your personal information,” or asking you to hand over a security code that was sent to your phone.
The alternative is to stop picking up the phone. Wait, identify, then respond.
Some scams are more advanced than others, including the spoofing of phone numbers that appear as genuine on caller ID and using AI tools to manipulate a person’s voice; this is sometimes referred to as a “deepfake.” Often the scammer will try to evoke a response or reaction by pretending to be a close family member in distress. Even if you think you know the person who’s calling you, but you cannot be completely sure, this may be for a good reason. Trust your instinct, be vigilant.
Take the case of Ferrari’s near miss. On the call, the Ferrari executive asked the purported CEO a question that only the real boss would know, the title of the book the two talked about a few days earlier. On a smaller scale, some friends and families have agreed-upon safe words or phrases that they can use in the event they need to prove that it’s really them. (Going one step further, having an alternative phrase used only if the victim is speaking under duress can help notify others of an unsafe or dangerous situation.)
If someone calls you seemingly out of the blue to ask for your information, how can you know that the person calling you is in fact legitimate? You may only have the caller’s phone number to rely on, and you may not recognize the digits.
If your bank claims to call you, call the number on your bank card to verify for yourself.
If a company or organization you might recognize calls you and asks for information that arouses your suspicions, hang up the call, go to the organization’s website or official app, and call them back directly. Don’t just rely on Google search for a phone number, since scammers can trick search engines into displaying false customer service phone numbers run by the scammers.
If you get a phone call claiming that someone has logged into one of your online accounts, go to the website or app for your online account and verify for yourself before you take any further action. Most companies, such as Google or Facebook, do not call you but rather rely on their official customer support portals.
Be like that Ferrari executive. Take a minute to breathe and think, and take control of the situation. And next time your phone alerts you to an incoming call, maybe just let it go to voicemail.