Back when digital scams were new, they used to impersonate the position of someone in power. Whether it was a wealthy prince from another country or the CEO of a large business, they would act as if you were plucked from the masses to be granted a gift of several million dollars.
Of course, these days, people know that Bill Gates won’t email them out of the blue. That’s why scammers have taken to impersonating entities a little closer to the victim, such as the companies they interact with.
Recently, I received the following text on my phone. It was very convincing, but the scammer was a little off the mark. They claimed to be from the network provider O2, and while I was once an O2 customer, I have since moved on.
Still, it showed the scammer had done their homework and knew I was at least affiliated with O2 at one time. As such, it’s interesting to break down this attack and see how the scammer knew what network I used to formulate the attack.
How Did the Scammer Know?
So, how did the scammer work out that I used O2’s network? As it turns out, there are ways to look up which carrier assigned a phone number.
If you look on the Internet, you’ll find websites that will match a number to the carrier that gave out the number. This is done using the information on what carriers gave out which numbers.
As you can see from the screenshot above, when you look up my phone number, it says that “Telefonica UK Limited” gave me my number. If you search that company, O2 will pop up.
You may have noticed we talked about how these tools find who “assigned” and “gave out” numbers. That’s because you can get information on whom originally gave you the number, but not which carrier that number is currently on.
As such, when the scammer looked up my number, they saw that O2 originally assigned that number to me. You can tell it’s my first mobile number because the above screenshot shows an assignment date of 2000.
How the Scammer Used this Information
As you can see from the first screenshot, the scammer used this information to create a fake carrier message. They told me that I had a late payment and that I had to make it now or else I would have to pay a fine.
The link did lead to a convincing login page that copied O2’s aesthetic perfectly. If I had entered legitimate login information into this page, it would be sent to the scammer. This kind of attack is called phishing, where a scammer tricks a user into surrendering their login information.
How to Protect Yourself from This Attack
People who have changed carriers in the past will likely see through this attack right away. However, if you’ve stuck with the same carrier, these texts can look very convincing.
As such, double-check any links sent to you. If it looks odd, ignore it. If you’re worried that it may be legitimate, try logging onto the website via your web browser as you normally do.
If you haven’t changed your carrier since you were originally assigned your phone number, you may see convincing scam texts. Scammers can find your carrier and use that information to craft a phishing link. By staying diligent, you can avoid this nasty attack. On top of this, you should also learn about the top 10 Internet scams in 2020.
Have you ever seen a phishing attack posing as your carrier? Let us know below.