How Scammers Impersonate Your Carrier in Texts

Carrier Scam Featured

Back when digital scams were new, they used to impersonate the position of someone in power. Whether it was a wealthy prince from another country or the CEO of a large business, they would act as if you were plucked from the masses to be granted a gift of several million dollars.

Of course, these days, people know that Bill Gates won’t email them out of the blue. That’s why scammers have taken to impersonating entities a little closer to the victim, such as the companies they interact with.

Recently, I received the following text on my phone. It was very convincing, but the scammer was a little off the mark. They claimed to be from the network provider O2, and while I was once an O2 customer, I have since moved on.

Carrier Scam Text

Still, it showed the scammer had done their homework and knew I was at least affiliated with O2 at one time. As such, it’s interesting to break down this attack and see how the scammer knew what network I used to formulate the attack.

How Did the Scammer Know?

So, how did the scammer work out that I used O2’s network? As it turns out, there are ways to look up which carrier assigned a phone number.

Carrier Scam Lookup

If you look on the Internet, you’ll find websites that will match a number to the carrier that gave out the number. This is done using the information on what carriers gave out which numbers.

As you can see from the screenshot above, when you look up my phone number, it says that “Telefonica UK Limited” gave me my number. If you search that company, O2 will pop up.

You may have noticed we talked about how these tools find who “assigned” and “gave out” numbers. That’s because you can get information on whom originally gave you the number, but not which carrier that number is currently on.

As such, when the scammer looked up my number, they saw that O2 originally assigned that number to me. You can tell it’s my first mobile number because the above screenshot shows an assignment date of 2000.

How the Scammer Used this Information

As you can see from the first screenshot, the scammer used this information to create a fake carrier message. They told me that I had a late payment and that I had to make it now or else I would have to pay a fine.

Carrier Scam Phishing

The link did lead to a convincing login page that copied O2’s aesthetic perfectly. If I had entered legitimate login information into this page, it would be sent to the scammer. This kind of attack is called phishing, where a scammer tricks a user into surrendering their login information.

How to Protect Yourself from This Attack

People who have changed carriers in the past will likely see through this attack right away. However, if you’ve stuck with the same carrier, these texts can look very convincing.

As such, double-check any links sent to you. If it looks odd, ignore it. If you’re worried that it may be legitimate, try logging onto the website via your web browser as you normally do.

Carrier Confusion

If you haven’t changed your carrier since you were originally assigned your phone number, you may see convincing scam texts. Scammers can find your carrier and use that information to craft a phishing link. By staying diligent, you can avoid this nasty attack. On top of this, you should also learn about the top 10 Internet scams in 2020.

Have you ever seen a phishing attack posing as your carrier? Let us know below.

Related:

Simon Batt Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.

One comment

  1. I do not own a cell phone so I have never received such as message. However, the scam is not limited to carriers. Over the years I have received phishing emails from many sites: PayPal, Google, etc. All the messages threaten to suspend or cancel my account, refer my account to a collection agency, or some similar dire action. When I hover the cursor over the sender’s address, 99 times out of a 100 it is some seemingly random collection of characters or an address generated by an anonymizer app. That sort of gives the jig away.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.