Scammers are increasingly using new technology to replicate real organisations’ numbers when calling a potential victim, experts have warned.
So-called ‘phone spoofing’ is becoming widespread among fraudsters who send messages or make calls from numbers which appear to be those of a legitimate organisation.
It is called ‘whaling’ because they are going for much bigger fish. The email looks like it has come from someone seniorJOHN MACKENZIE
Government agencies such as HMRC are among organisations whose actual phone numbers appear in the caller ID on the mobile screens of victims of clever fraudsters, who are actually making the call from another number. The trick can scam even the most canny of consumers into believing that the call is actually from a legitimate organisation.
Even text messages can show up as appearing to be from legitimate numbers, meaning that victims see the fraudster’s message - which may be asking for money or bank details - show up in the same “conversation” as real interactions from the organisation.
John MacKenzie, partner at law firm Shepherd and Wedderburn, said that the increasingly sophisticated technology meant that people who would otherwise believe themselves to be savvy consumers could easily be duped.
He said: “This has got to be one of the most pernicious practices of recent times. The telephone is something that we have all been very comfortable with for decades and there is a sense of trusting that if a number appears on your phone, it is who it says it is.”
Meanwhile, a corporate version of the practice, dubbed “whaling”, uses similar technology to trick business’s finance departments into believing that an email has come from a board member or senior member of staff.
Mr MacKenzie added: “It is called ‘whaling’ because they are going for much bigger fish. The email looks like it has come from someone senior, asking a team member to transfer some money, however it has not.
“Some businesses have systems in place to deal with these practices, but others, particularly small companies, do not. They can be targeted by fraudsters and find themselves losing large amounts.”
Last month, the UK’s four mobile network operators joined forces with Mobile UK, to create SMS Phishguard, which aims to combat fraud by SMS. Starting with the banking industry and UK Government agencies, a new SMS SenderID Protection Registry will be established early in 2019 to allow participants to register and protect the message headers they use in SMS communications to consumers.
A spokesman for UK Finance said: “The financial industry invests millions to protect customers from fraud and takes scams such as number spoofing very seriously. Many of the solutions lie outside the financial sector, which is why the industry works closely with network operators, government and other key stakeholders.
“Together we are working to build on previous successes, such as the SMS Phishguard initiative, which is combatting text message fraud. Customers should always follow the advice of our Take Five to Stop Fraud campaign and question any uninvited approaches.”