Christmas scams: what's behind WhatsApp messages from strangers and missed calls

FIRST online

It has happened to everyone and perhaps, with the arrival of the Christmas holidays, even several times in the space of a few days. We have already talked about the Christmas fake parcel and phishing scam, but in the cauldron - this time - even legitimate activities end up, or rather: not prosecutable, which certainly do not represent a crime, but a nuisance, certainly, yes. Let's start from the beginning: how do scammers get hold of our data? Excluding the case of informed consent, which corresponds to the express concession of the use of our data, given knowingly by ticking the box of the various privacy policies of contracts and other documents that we may have signed in the past, in all other cases, our data have been purchased or sold in exchange for other goods, by full-fledged scammers. Sometimes in broad daylight, violating privacy laws, in defiance of the famous "opposition register", other times exploiting the advantages of "Dark web“. This part of the Internet is a subset of the global network, but it is not indexed by search engines and can only be accessed by directly knowing the addresses to type in advance. In this world it is easier to maintain anonymity and, for this reason, the dark web is highly appreciated by those who browse in search of illicit means to earn money.

Christmas scams: database dealing on the dark web

They are passed off on the dark web entire data databases, cataloged based on the findings we have of them. For example: a “verified” package of data has a higher value on the market, because someone spent time verifying it. For example, an e-mail message was sent to which the unaware recipient replied, a call was made to the mobile number, to which someone responded, an attempt was made to access a site with the available credentials and that site granted access by recognizing the user. In short, even in the undergrowth of illicit digital activities, quality comes at a price.

Starting from this data, scammers come into contact with victims, even just with a message WhatsApp. Particularly attractive job offers have been in fashion lately. You receive a text like this: “Hi, my name is XXX and I'm a recruiter for XXX. We are recruiting some network workers who have free time. This job will not affect your normal work and life and the pay is up to 100-400 euros per day.” The words may vary, but generally the common denominator is: astonishing economic offer, almost zero requirements, limping language.

Christmas scams: how the task scam works

This type of scam is called “task scam” and involves 4 phases: solicitation, assignment of tasks, opening of an account or digital wallet that allows the receipt of cryptocurrencies or other forms of digital currency, request for payment in current currency to “unlock” earnings. The work done is really useful to scammers. Often these are individuals or even companies that sell services of "paid clicks” who recruit labor in this way. The "salaries" are paid, when it actually happens that someone manages to reach the threshold of collecting the money, in virtual currencies. This mechanism is used so that the victim can delude themselves into obtaining easy earnings, viewing the figures which however they will never be able to convert into real money. Sometimes the strategy goes through the “pay to get paid” mechanism. And the overall small figures, in relation to what has been earned so far in virtual currencies, push victims to send real money to unlock phantom transfers from abroad.

Some sophisticated scammers go so far as to replicate the websites of well-known companies to trap those who attempt a preliminary check before accepting the job. On Reddit, where you can spend hours reading about the bad experiences that have happened to the victims, someone talks about WhatsApp groups or Telegram with other supposed employees, generated by the fake employers to simulate a team and delay the recognition of the fraud.

As is easy to imagine, having selected databases, with numbers of elderly or frail people, makes the difference. The alleged scam is very recent nephew/son in difficulty, which sends a WhatsApp message to the victim, trying to obtain information, passwords and even send money. There is the variant of the "changed number", or that of the accident, which induce the relative worried about the fate of his nephew/son to dial the numbers suggested by the one who is actually the scammer, most of the time numbers added value that makes the unfortunate person spend money for a few minutes of conversation.

Christmas scams: the siege of "silent" phone calls

Pretending to have contact is also very fashionable lately wrong number. There is the very attractive Asian (the profile photos are artfully done, so that they can arouse the curiosity of the unfortunate ones) who, after receiving the victim's response, apologizes for the mistake, but in a way that is really too polite and excessively mortified. You then start with a conversation aimed at better understanding what the easiest scam to implement and most suitable for the case might be. It ranges from the so-called “love/Romance scam” (making the victim fall in love by then pretending to need money), passing through the “sextortion” (blackmail the victim after tricking her into getting naked on video), up to the classic “crypto scam“, a very general term that includes a gigantic amount of different scams. Some users report a different approach: the person who gets the wrong number is someone who asks for a "tourist guide“. Very common especially abroad: “Hello, are you my tour guide?”. Other times it's a fake invoice sending error (this technique is also used via email, but the purpose is different because it aims to infect the victim's computer with a computer virus).

It should be noted that these scammers - over time - have understood a fundamental aspect for optimizing the timing of soliciting victims: there is no need to be insistent, there is no need to persecute the victims. The insistence is very suspicious. Much better to move on to the next recipient, perhaps less attentive, rather than harass someone who starts asking questions.

Christmas scams: what is a ping-call

Another way to get money in a much more immediate way is to register a value-added numbering that is, a telephone number that does not correspond to the geographical identification codes of the area where the call originates, but which is subject to a higher rate than traditional telephone calls. This is a generally legitimate activity which is useful, for example, when you want to obtain payment from a customer for particularly specialized technical assistance or for an activity which is carried out over the telephone (consultancy of all kinds where it is the competence of those on the other end of the phone to provide the “added value”). Once we have managed - with the most disparate stratagems - to complete the registration of these numbers, we proceed with the so-called "ping call” that is, by calling a random number, in the hope that you will be called back. Sometimes, it is simply curiosity that induces victims to act, sometimes anxiety, sometimes waiting for a work call or from a relative whose number is not in the address book. When completed, this scam is called “slurs“. It is a very dated technique, but evidently still very profitable.

Aggressive practices but the Privacy Guarantor approves some of them

In the midst of all this sea of ​​scams and scams, there is - unfortunately - also that perfectly legal and unassailable activity of "silent phone calls” feedback. The interest in checking whether a user is active is justified by the cases mentioned at the beginning, but is also quite widespread in other situations. At most, in this eventuality, one can be accused of rudeness, of stalking, if the calls are repeated, but there is no violation of privacy regulations (which, if anything, is at the root of this activity) or anything else.

Among other things, there is even the case of a "silent phone call" from automatic router and, here too, everything is legal, there is even the backing of Privacy Guarantor which associates these calls with the activities of a call center. The official source explains the situation well Guarantor website which, surprisingly, does not believe there is anything to note if a call centre, "to optimize times, uses automated systems that generate more calls than the number of operators available to manage them, who, therefore, cannot speak to the user (and the phone call remains "silent") until they are freed from previous calls that the system has automatically routed". No limits, no obligations, no regulations to respect for them. 

Related Post
Categories: Tech