Missed Call Scam (and why ‘cyber’ sucks, Snowden/EU, cell phone OPSEC, Chinese/NSA, Orwell/Spain/Syria, US in Ukraine)

Obligatory: https://thedaywefightback.org/international/?redirect=nope

Simple but clever bit of social engineering.

A missed call shows on your phone. You call back, and find yourself in a telephone runaround. The trick? You’re being charged for the call and for each minute they keep you on the line.

The scam is stupidly easy to pull off. The scammers just set up a computer programmed to call thousands of numbers, and let the phone ring only once. Just long enough to show on your “missed call” list.

And in a world of smartphones, where nobody really calls you unless it’s IMPORTANT… yeah.

Stuff I realized today. Why does the term ‘cyber-’ suck? Because cyber is derived from cybernetics — which is all about CONTROL.

The term originates from Plato’s ‘cybernetics’, on the government of people. Later it turned into the art of controlling systems through technical means, courtesy MIT’s Norbert Wiener et al. Wiener called it “the study of control and communication in the animal and the machine.”

In other words, the perfect way to describe mass surveillance using the Internet!

Maybe the term is more apt than I thought it was.

Snowden has agreed to testify before the European Parliament. The latter may end up calling for EU governments to grant him a safe stay in Europe. http://www.greens-efa.eu/nsa-scandal-11654.html

Using cell phones safely. Thai hacker-opsec monk The Grugq has a guide. Actually not bad advice… if not for the fact that as soon as you talk into the microphone you should probably consider yourself burned. Nevertheless I realize it’s not practical to “never say anything” so here you go. http://grugq.github.io/blog/2014/02/10/a-fistful-of-surveillance/

Excellent point. “You can’t stop the Chinese unless you’ve first stopped the NSA.” http://cryptome.org/2014/02/stopping-nsa.htm

“Orwell was hailed a hero for fighting in Spain. Today he’d be guilty of terrorism.”

US in Ukraine: Wayne Madsen has an interesting analysis. http://www.strategic-culture.org/news/2014/02/10/history-of-ukrainian-american-cabal-stoking-euro-maidan-protests-ukraine.html


“But here’s one that might be new for you: scammers are apparently trying to exploit your “missed call” screen, now.

The scam, simplified: They call you, but immediately hang up. You see a missed call. You call back. They charge you for the call, and for each minute they can keep you on the line.

According to the BBB, this so-called “One Ring” scam is on the rise.

Like many a ruse, this one relies on hitting many, many potential targets at once. The scammer sets up a computer to call thousands of numbers per hour — because for every 99 people who follow their gut and don’t call weird numbers, there’s 1 person who will. Maybe they’re waiting for response on a job interview, and don’t know what number it’ll come from. Maybe they’re hoping it’s that girl from the bar last night. Maybe the number just looks kind of familiar. It’s all about making mass sweeps and finding the exceptions.

The trick? They only let the call ring once before it automatically hangs up. One ring is enough for the number to show up on your missed call screen, but just short enough that you’re not likely to answer it in time (which keeps the call from fully connecting and thus keeps the scammer from having to front for any long distance fees.)

Speaking of long distance fees: the number it’s dialing from is, generally, one from outside of the US — but one that has the same country code (+1, which we share with Canada and almost all of the Caribbean nations, from the Bahamas to Jamaica), and thus looks a whole lot like a US number. On US premium numbers, the FTC requires the caller to explicitly agree to charges. On international numbers, the FTC has no jurisdiction.

We’ve seen tricks like this before, using many of the same basic concepts — the sneaky international number, the hook to get you to call it back. A few years ago, a common scam technique was to text someone saying “Your [relative here] is hurt, and you are the emergency contact! Call [sneaky international number here] for more information.”

But this is the first time I’ve seen them boil it down to a simple missed call. It plays on the ubiquity of smartphones, and that… no one really calls each other anymore. If someone is calling, it’s probably important, right? Better call’em back!

While reports on scams like this tend to warn you that you’ll be charged a zillion dollars per second, that’s… usually not the case, in reality. Carriers will often void the charges if they/you catch them, so the scammer’s goal is often to keep anyone from noticing the charge. They’ll charge you a few bucks to establish the call, then a few bucks for each minute they keep you on hold/on the line.”
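The pattern described in the quoted piece (a +1 number that is not actually US/Canada, one ring, never answered) is easy to screen for in a call log. This is an added example, not part of the original post or the quoted article; the `Call` record, the 3-second ring cutoff and the sample log are assumptions made for illustration, and the area-code table is not exhaustive.

```python
import re
from dataclasses import dataclass

# +1 area codes assigned outside the US and Canada. Not exhaustive; check a
# current numbering-plan list before relying on this table.
NANP_NON_US = {
    "242": "Bahamas", "246": "Barbados", "264": "Anguilla", "345": "Cayman Islands",
    "268": "Antigua and Barbuda", "284": "British Virgin Islands",
    "441": "Bermuda", "473": "Grenada", "649": "Turks and Caicos",
    "664": "Montserrat", "758": "Saint Lucia", "767": "Dominica",
    "809": "Dominican Republic", "829": "Dominican Republic",
    "849": "Dominican Republic", "868": "Trinidad and Tobago",
    "869": "Saint Kitts and Nevis", "876": "Jamaica",
}
MAX_RING_SECONDS = 3  # assumed cutoff for "rang once"; tune to your log source

@dataclass
class Call:
    number: str        # as displayed in the call log
    ring_seconds: int  # how long it rang before stopping
    answered: bool

def nanp_digits(number):
    """Normalise to 11 digits (1 + area code + line) or None if not a +1 number."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 10:  # assumption: 10 bare digits is a +1 number
        digits = "1" + digits
    return digits if len(digits) == 11 and digits.startswith("1") else None

def flag_one_ring(calls, contacts=()):
    """Return (number, country) for short missed calls from +1 numbers abroad."""
    known = {nanp_digits(c) for c in contacts}
    flagged = []
    for call in calls:
        digits = nanp_digits(call.number)
        country = NANP_NON_US.get(digits[1:4]) if digits else None
        missed_quick = not call.answered and call.ring_seconds <= MAX_RING_SECONDS
        if country and missed_quick and digits not in known:
            flagged.append((call.number, country))
    return flagged

# Constructed sample log; the 555-01xx line numbers are fictional.
SAMPLE_LOG = [
    Call("+1 (876) 555-0142", 2, False),  # Jamaica, one ring
    Call("212-555-0100", 1, False),       # US area code
    Call("+1 473 555 0187", 25, True),    # Grenada, but answered
    Call("+44 20 7946 0000", 1, False),   # not +1
    Call("1-268-555-0199", 2, False),     # Antigua, one ring
]
```

Passing your own address book as `contacts` keeps legitimate callers in those countries from being flagged.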
