1(630)802-8605 Ravi.das@bn-inc.net

It’s hard to believe that we are just about three weeks away from Thanksgiving. Don’t really know how fast this year has gone. Anyways, as we hit Black Friday and Cyber Monday (which is I think right after Black Friday), and the upcoming Christmas shopping season, there is one thing that you need to look out for with all intensity:

The Cyberattacker.  As I have mentioned in numerous postings in the past, the Cyberattacker’s trend is to now typically come out at certain times of the year.

This time of the year is one of them, and the next will be tax season. So, what will the Cyberattacker have up their sleeves this time around? Well, more than likely, there will be those Phishing Emails once again, enticing you to shop for great deals at phony and spoofed sites.

There will also, of course, be those that claim to be from the Salvation Army or the American Red Cross and try to lure you into making a donation.

But now, there will be another threat vector that is emerging.  It is not really a new one, rather, it is quite old, but its use by the Cyberattacker is becoming much more prevalent.  And that is, the use of Social Engineering tactics. 

In a broad sense, the Cyberattacker uses this avenue to prey upon the human emotions and vulnerabilities of their targets, in an effort to get them to reveal confidential and private information, or to make some kind of payment to a phony, offshore account.

This type of tactic can occur in many forms, which is why it is so difficult to discern and track down. For example, it can take form in a digital sense (such as a Phishing Email) or even a physical sense (such as sending out phony snail mails, making unsolicited calls, etc.). It is the latter which is actually picking up steam, and these are specifically known as “Robocalls”.

What exactly is it?  Here is a definition of it:

“A robocall is a phone call that uses a computerized auto dialer to deliver a pre-recorded message, as if from a robot. Robocalls are often associated with political and telemarketing phone campaigns but can also be used for public-service or emergency announcements. Some robocalls use personalized audio messages to simulate an actual personal phone call.”

(SOURCE:  https://en.wikipedia.org/wiki/Robocall)

So, as you can see from the definition, Robocalls are merely automated voice responses after you pick up your phone.  They can be used for all sorts of things, ranging from reminding you about your doctor’s appointment to making unwanted calls about the importance of voting for a particular candidate in an upcoming election.  Heck, in fact, I get them all the time. 

The most comical ones so far have been those stating that there is a warrant out for my arrest, or that the IRS is coming after me for back taxes owed and that I need to give up my property.

For the most part, they really can’t do much damage (unlike a Phishing Attack), because you either choose to hang up or not even pick up the phone.  It is merely a nuisance, but if you keep getting them day after day, it can get very aggravating.  In fact, it can get so bad that even your number can get blocked if you are trying to call somebody.

A prime example of this just happened to me yesterday. I was trying to reach out to my book editor a couple of times, and every time I called, my iPhone kept saying “Call Failed”. I thought that was odd, because I just spoke to him the week prior. I emailed him and he said that he has been getting so many Robocalls, he has put some sort of block on all incoming calls so that he can filter through which was a real call and which was not.

I know that my phone number is widely available, as I have that on my tech writing website for people to call me on.  I think that is how my number got blocked.  Anyways, Robocalls can play any kind of automated recording, and believe it or not, there is no law against them at least here in the United States, provided that they are being used for lawful purposes. 

Examples of these include the following:

*Messages that are deemed to be informational in nature, such as those recorded messages that remind you of an important meeting or appointment;

*Messages that alert you to something that will have an immediate, direct impact, such as a flight cancellation, or even an approaching weather event (such as a snowstorm, or tornado);

*Messages used by debt collectors in an effort to collect any outstanding bills that you may owe (but, while these are legal, there is a limit to how frequently a collector can call you, and to the use of threatening and/or abusive language);

*Calls from authentic organizations asking for legitimate donations.

But the FTC draws the line at that. What is then considered to be criminal is if the automated message asks you to engage in some illegal activity, or even coerces you into divulging your Personally Identifiable Information (PII) in some manner. Examples of this include the following:

*Performing a fake abduction:

Believe it or not, this has happened, but fortunately, it has only occurred in very few instances. In this case, the Robocaller claims that a family member’s life is in danger, and that unless the person that picked up the phone takes pictures faking their own kidnapping, the worst will come. Well, nothing like this has really happened, and keep in mind that this is a sort of Ransomware Attack, but one that is occurring over the phone. If you fall for this (and I pray from the bottom of my heart that it does not), you will then be asked to send these pictures to some phony address, either Email or snail mail. Of course, the real damage then comes as these pictures make their way across the Dark Web, and then you become a victim of Identity Theft.

*Debt collection and unpaid bills:

As mentioned, this is probably the most common type of Robocall Attack. Given that just about anything is available online, it is quite easy for the Cyberattacker to get a background check report on you to see where your debt exists. They then use this information to prey upon your already existing fears to get you to give up your credit card number to make a payment, or even your Social Security number.

*Tech Support calls:

I just recently wrote a blog posting about this very topic for a client of mine. In this regard, you get a call that purports to be from a very well-known vendor, such as Microsoft, Google, Apple, etc. The idea here is to prey upon your fears that something is horribly wrong with your computer or other wireless device. The ultimate goal here is for the Cyberattacker to gain remote access to it, so that he or she can deploy Malware or some other kind of key logging software onto your device and covertly steal your passwords and other forms of PII. This is probably one of the most successful forms of a Robocall Attack, because we are simply too attached to our devices, and would do just about anything to make sure that they are running in optimal condition.

My Thoughts On This

I get Robocalls all the time, and what do I do?  I barely answer the phone.  On my iPhone, if it appears to be a legitimate call, the name of the caller will also appear on it.  Otherwise, it is either a missed call or goes to voice mail.  More than likely, I usually delete the voice mail as well.  This is probably your best line of defense.  There are others that you can take as well, which include the following:

*Avoid giving out your phone number to everybody (in other words, make it less public by only giving it out to those people who you want to have it);

*Join the Do Not Call Registry; here is the link:

https://www.donotcall.gov/

*Block the number on your iOS or Android device;

*Make use of Robocall Blocking services that are available from your carrier;

*Use a well-known and thoroughly tested app such as that of “Nomorobo”.

*Create an updated contact list so that if you do get a call, his or her name and/or other relevant contact details will appear.  That way, you will at least have some assurances that it could be a legitimate call.

It is also important to note that there are other ways to tell if you are receiving a Robocall. Here is what I have seen in my own experiences thus far:

*You get a phone number to come up, and it only says, “United States”.  Here is an example of this:

111-555-1212

United States

Normally, a city/state should appear, or the name of the caller.

*You get a call that only rings once;

*You pick up, and nobody answers on the other end.  This is the Cyberattacker’s way of confirming that your phone number is legitimate, and actually belongs to somebody.

Probably, in the end, the best line of defense is just to never answer your phone unless you absolutely have to. If it is important, the caller can always leave a voice mail. And never, ever dial back a missed call if you don’t know the number. Of course, you can enter the phone number in a Google search to see if the number has been used in recent scams as well.