The last thing an NBN scammer should do is call someone who writes about scams, and yet that’s what happened, so here’s how an NBN scam script can work.
This week, we received a call so many Australians have been receiving for months on end: an NBN scam telling us our internet connection had been taken over.
It started with an automated message and the option to press a number to be directed to someone, basically advising our NBN connection had been taken over and was at criminal risk. Clearly a scam — because the NBN would never call you — the message repeated whether or not we selected a number, and even after we had.
And eventually, we were connected through to an overseas call centre that clearly wasn’t someone from the NBN in Australia, but still we heard on, eager to see just what the script entailed.
Interestingly, our scammer was using a feature of Google to claim our NBN connection had been taken over.
How scammers use Google searches to make you think you’re scammed
On the end of our phone call was someone claiming to be Michael Walsh. Whoever that was, a bad line was making it difficult to understand quite what he wanted, but he wanted us to do a search. A really specific search.
Mr Walsh wanted us to type in “my 1p address location” into Google, and then read the results.
To a tech specialist, it’s pretty clear you’re being asked to type in a search about your IP address and the location it can be found in, but Googling those directly will give you IPs related to you.
That’s clearly not useful to a scammer trying to manipulate you, and so they need fixed information that isn’t your information. Simply put, they need information that doesn’t make sense to you to convince you of their legitimacy, so they’re having you search something very specific about IP addresses, or rather, something that doesn’t quite make sense about IP addresses.
What’s an IP address?
Anyone who connects to the web as an IP address, as does every server you connect to. There are two types — an IPV4 and an IPV6 — but they’re basically a unique identifier to say that you are someone connecting from somewhere online.
A series of numbers, these can tell you where you’re connecting from, not just via your telco but also where in the world you’re coming from, so if you’re connecting via Telstra or Vodafone or someone else, the IP can relay that.
Understandably, if you don’t know much about IP addresses or if you do and this is going somewhere else, you can easily think your connect is being taken over.
However, NBN scammers are also doing something different to convince you that your IP address has been taken over, pointing you to someone else’s website without you realising it, harnessing a Google feature called a “featured snippet”.
What is a featured snippet?
Google is constantly changing how its search works and what it loads, beyond the results of what you search for, however one of the things it can load is snippets of a webpage.
A featured snippet is basically a small version a webpage and how it relates to your query shown inside the search results page. It’s basically what you searched for in the top position, providing a link so you can click and read more, but with the pertinent information so you don’t need to.
There isn’t a featured snippet for every search online, but many queries have them, particularly really specific queries. And what NBN scammers are having you search does have one because of how specific it is.
Searching for an IP address without actually searching for one
Fun fact: if you type in “what’s my IP” into Google, Google will do an IP lookup for you and tell you what your IP address is.
However, if you misspell “IP address”, it may not, because you might be looking for something else. Interestingly, if you type in “what’s my i[” into Google, you’ll get an IP lookup because the open bracket “[” is so close to the “p” on your keyboard, Google does the math.
But if you type “my 1p address location” into Google, you’ll get a different result.
You’ll get this result, which is an IP lookup from iplocation.net for Google search and shows the IPV4 address and the location of Google’s servers as being in Mountain View, California. That’s Google, not you.
However this very specific search gives scammers the script to convince you that your NBN has been compromised, because the on-screen IP location is coming up as Mountain View, California, not where you live in Australia.
It’s important to note that this clearly isn’t you, because this is Google, and scammers know this. They just want to trick you into feeling that your security has been breached, and that you should trust them.
But you should definitely not, and the moment you’re asked to look at Google’s IP, hang up. Not only will the NBN not contact you, but your IP address isn’t going to be sitting at the top of a featured snippet box. If you want to read more about Google’s use of featured snippets, you can check Google’s documentation on what a featured snippet is, because it is mostly definitely not your computer’s information.
If you’ve reached this point, hang up. The call doesn’t get more legitimate. If anything, it just gets worse.
From there, the call escalates into transferring you to another so-called specialist, who can sound convincing and authoritative, but is yet another scammer on the end, and one hoping to either scam you out of money or connect to your computer and make your life more difficult overall. Hang up, it’s easier that way.