Information Security Awareness Training Alert: In a new callback scam, attackers use call generators to call mass United States’ cell phone numbers. The calls usually ring once, and the number displayed is an international number (typically from the Caribbean), according to this ic3.gov press release.
When the recipient calls back the number, an automated message is intended to keep the caller on the line, charging for an international call. The longer you stay on the line, the more money the attackers generate.
This attack isn’t isolated to individuals. Businesses are also seeing the attack because individuals use professional lines to call back the phone number.
Telephone companies in the United States are charged when a return call is made because they are required to pay a fee to transfer calls to foreign countries. The payment is then shared with the attacker who made the calls. This is referred to as International Revenue Share Fraud (IRSF).
Area codes used in this include: Anguilla, Antigua, Barbados, British Virgin Islands, the Commonwealth of Dominica, Grenada, Montserrat, and the Turks and Caicos Islands.
What should you do?
If you do not do business with the stated countries, you may want to consider blocking calls from those area codes.
When you receive a missed call from an unknown caller, do not callback unless there is a voicemail with a known caller. If the call is important, they will call you back. This is especially important if the call is coming from a foreign number or if you only hear one ring before a hang-up.
If you do happen to callback, immediately hang up if you begin to hear an automated welcome message.
For more information on security best practices, Security Awareness Training and other compliance training products, click our products’ page here.