Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you
Using a phone to talk

Scammers call from fake Visa, MasterCard security

More time at home has phone call scams on the up, and more reason to think about who’s calling and what they’re saying.

“I’m calling from the security department of Visa and MasterCard,” the scammer calls out from the other end of the line. It’s lockdown in August, and clearly scammers are trying hard to get the money of Australians.

However, this call comes from a local mobile number, and thus comes across a little more convincing.

It’s no wonder then that already in 2021, criminals have managed to nab over $52 million AUD from Australians just from phone scams, with over 80,000 reports filed thus far, according to the ACCC’s Scamwatch project. That’s the financial amount of both email and internet scams added up for Australians this year, and more reports than in any other category. Even the massive amount of fake voicemail texts doesn’t quite add up to the number of phone scams being made.

Those scam calls are costing Australians bit time, and while some are easier to work out — no, the NBN is not calling you, and neither is Microsoft — when it’s about your debit and credit cards, and is all about someone possibly messing with your security, it’s understandable why we might take it at face value.

In this case, the approach of the scammer was a little flawed. For Visa and MasterCard to work together, our Spidey-sense had been flagged as these are separate companies, and Visa are very unlikely to work together. And yet we can imagine some people falling right for the trap, which would have led to your credit card details being requested, much like they do in every scam like it, and then the scammer running off with your dollar bucks leaving you red-faced and potentially penniless.

“Many people think that phone scams are obvious and they would know if a scammer was calling them, especially if it’s an automated message, however the latest statistics from Scamwatch show a very different story,” said Tim Falinski, Managing Director of Trend Micro’s Consumer section in the Asia Pacific region.

“The scammer’s goal is simple,” he told Pickr. “They used a phone-based approach to try and throw consumers off guard, either playing into their fear or catching them in a rush to get them to hand over sensitive information. This is often their credit or debit card details, including the three-digit security code on the back.”

Someone using their phone with a credit card

Scams like this are made even more real because of their use of local numbers, with Australian “04” mobile numbers seen as the caller making the call.

To do this, scammers employ a technique known as “overstamping” to spoof the phone number, which basically masks the real number with a fake one. It means the call you get from a scammer will look more legitimate than calling from another country, and offers a greater chance not just of you accepting the call, but falling for it, too.

Call spoofing is hardly new, but it’s something scammers are employing in droves simply because of how much more difficult it is to work out before you pick up the call. While you can always block any number not in your call list, that may in turn prevent you from seeing calls that matter, such as calls from old friends or family members not in your list, or even a company intent on hiring you.

Most people don’t go to this extent and block everything, which gives scammers a bit of a way in. That means you typically need to keep your wits about you, because with criminals pretending to be local callers, you’ll want to pay close attention to what they say.

“It’s important for Australians to know that organisations such as banks or other service providers will never proactively call you and ask for your card details or account login and password, so if this does happen, it’s most likely a scam,” said Falinski.

Scam calls using phone number spoofing and overstamping have a few obvious tells that you can look for, however, including the brief pause between when you pick up the call and when the call goes through to an overseas call centre. Don’t be shocked that overseas call centres are used for scam calls like these — they’re often funded and being performed en masse — so if you hear a slight pause and are forced to say “hello, hello” before it goes through, you’re probably dealing with a scam call, even if the phone number looks legitimate.

Alternatively, if you’re concerned, hang up and call the official number on the back of your credit or debit card, and call your bank for verification. Don’t call the number back that just called you back, because if it’s a spoofed number, you’ll just go to a random person. Rather, call your actual bank and ask whether it was them.

Falinski agreed, noting that “the best way to prevent being fooled into handing over information is to hang up and call back the organisation through its official number to verify the request and keep up to date with the common scams doing the rounds”.

You’ll probably end up getting a few of these, and if you do, call your bank. While they can’t stop the scams from happening, they should be able to put your mind at ease that hanging up was the right course of action.

Read next