You will probably not have heard of it, but the Google Voice Verification Code Scam is an excellent example of how the simplest methods are often the most effective and how easy it to become unwitting accomplice of fraudsters and scammers.
The Growing Threat of Cyberattacks
The news are full of cyberattacks of large proportions. They target large corporations and result in the loss of personal data of thousands or financial theft. Or we hear about state-sponsored cybercrime by regimes as a form of cyberwarfarethat employ hackers to gather intelligence or to exploit vulnerabilities in the national infrastructure.
In the large majority of cases cybercrime is not the highly sophisticated game we associate it with. More so, it exploits the weakest link in an organization. For example, by confounding an employee by sending an email with a fake senderaddress misleading the recipient about the origin of the message containing a link to a document, which once opened transfers dangerous malware onto the computer and thus breaches the firewall and an organization’s defenses.
The Importance of Being Earnest
Only the other day, the German financial watchdog BaFin issued a warning regarding a serious case of identity fraud. The regulator wrote that it had “become aware of several cases in which an alleged Dr. Elisabeth Roegele sent fake emails containing false requests for payment.” Dr. Elisabeth Roegele is, of course, the vice-president of BaFin, which makes her such an interested target for cybercrime. The statement stressed that the authority does not ask anyone by phone or email to transfer large sums of money to certain accounts and asks all persons who come into contact with such requests or offers to refuse them and to report them to the police or the public prosecutor’s office. Still, it shows the present threat and you wonder whether someone has already fallen for the scam.
Or they use large networks to spread virus or do their dirty work. If you want to see how it works, try looking up the IP address of the sender when you receive an email with obviously fraudulent content and in some cases I’m sure you get some interesting of people who are most likely not behind the scam and most definitely aware what their computers do in the background.
The Google Voice Verification Code Scam
An even simpler example about how easy it is to become unknowingly part of this system shows the Google Voice Verification Code Scam. Google Voice is a telephone service that provides call forwarding and voicemail services, voice and text messaging, as well as U.S. and international call termination for Google Account customers in the U.S. and a few other countries. It’s fairly easy to obtain but in order to create a Google Voice account, you need an existing phone number, which you have to produce during the signup for identity verification.
Since it’s free it’s very attractive to fraudsters and to get around the obstacle of providing their own number, they look for victims they can use with numbers that are public somewhere like an online ad or on dating websites.
During the setup, the fraudster simply calls or texts a victim and ask them to send them a a verification code to confirm that they’re a real person and not a bot. Once the victim receives the verification code from Google, they gullibly forward in on and, voila, they are the next victim in the Google Voice Verification Code Scam. The victims don’t provide any personal data and the criminals can’t access their real phones, but they have added another node to the fraudster’s growing network. Unless you have provided more information, and we are talking sensitive information, it’s unlikely to create massive problems for the victim since even if you want to set up a Google Voice account at a later stage, you can easily rectify your mistake by verifying your phone number during the account setup process.
Still, it shows how easy it is to fall for the Google Voice Verification Code Scam and any other scam of that sort, since the same process works for plenty of other applications.
The bottom line is that your data is valuable and that unfortunately we live in times where we need to be extra vigilant, especially in times of heightened fraudulent activity like today.