How Scams Work

Taking scams back to the basics

597651f418864.image.jpg

I have written my articles about scams and how to identify them, but now, I wanted to give you a behind-the-scenes look at how these companies actually get people to fall for scams. There are a few different aspects of scams that I wanted to mention. I also didn't want to simply bring up computer pop-up scams, but also the new scam that seems to be picking up steam rather quickly, the neighbor spoofing scam.

I will start with phone scams, because they seem the most prevalent recently. The majority of the 12-Steps to Avoid Scams I mentioned in my last blog about Corvallis Scams were in reference to victims answering their phone and doing what someone on the other end of the line instructed them to do. I will do my best to keep this light on the tech-jargon, but if I do dive in a little deep, I will do my best to bring you along for the ride.

I'm guessing when you read the first paragraph, you probably had the question, "What is neighbor spoofing?" Don't worry, I had the same question the first time I heard the phrase as well. After a little research, I learned that it is something to which I've dealt.

Have you received a phone call from a number with your matching area code? Better yet, have you received a call with a match area code and a local prefix? For example, you have a cell number with the area code 541 and live in Corvallis, Oregon with the prefix 760. You may receive a call from 541-231-xxxx (Corvallis cell phone), or 503-838-xxxx (Salem cell phone), or 541-753-xxxx (Corvallis landline). This is an example of neighbor spoofing, the process of using VoIP phones and specific software in order to gather YOUR area code and prefix in order to determine what number they want to "mask" their number as. This is why many people let any number that calls that doesn't have a name registered for their Caller ID, go straight to voicemail. I am a little bit of an exception because I LOVE talking to these people.

1140-scam-trends.imgcache.rev19878294a6386b48ffe80c0e404a5bab.jpg

I recently took a phone call about how to lower my credit card interest, and that they have a deal "specially for me." Their first problem was that I don't have a credit card. Second, I knew it was a scam. When I finally got connected to a human, and I asked them how I could lower my credit card interest without a credit card, they promptly hung up. These are the types of things that make me smile. I know, it's a little pathetic.

Now before I give you ways to partially remedy this problem, I want to touch on how many people get started in a scam. It usually begins with a pop-up in their internet browser that tells them some scare-tactic to get them to call the number. An example may be, "We've detected a virus on your computer. Call 1-800-xxx-xxxx to get it removed."

The first thing everyone should know about pop-ups, they are always fake. You will never get a pop-up inside your web browser if you actually had a virus on your computer. 

My goal, however, is to give you a little insight on what's actually happening in your browser. When a pop-up occurs, it is triggered by potentially many different things. It could be triggered the second you reach a webpage, or it may be triggered by a timer, which starts counting down once you access the webpage. The following code would do just that:

// open after 5 seconds
setTimeout(() => window.open('http://crashsecurity.com'), 5000);

It's actually pretty smart. It runs by using Javascript, which is a scripting-language (a programming language for developers). Javascript is universal across all web browsers which is what makes it popular as a pop-up originator. Through Javascript code, it is possible to hide certain aspects of the pop-up, including the toolbar, which can make it impossible to close the page. They will also make it so everything else on your screen is unusable. Some simple code like this will make the pop-up full screen.

// full screen pop-up
window.open(href, windowname, 'type=fullWindow,fullscreen,scrollbars=no');

In some instances, the pop-up may be "dependent," meaning it won't close until a different window closes. Quite often scammers will hide the window that the pop-up is dependent on, making it seemly impossible to get the pop-up to go away. Javascript making it dependent is as follows:

// dependent pop-up, as you can see, dependent=yes
window.open(href, windowname, 'width=400,height=150,dependent=yes,scrollbars=yes');

This is when most people panic, and rightfully so. It is frightening, and it is not a fun experience. FORTUNATELY, there is an easy way to get rid of it. If you press the following keys and hold them down, it will open a Force Quit box that will allow you to force your web browser to close. The key command is: Command (⌘) + Option + Esc. Press them in that order then hold them down, so press and hold Command (⌘), continue to hold Command while you press and hold the Option key, then the Escape key the same way. If you are still a little confused, Apple provides a support page for Force Quit.

Let's now get to the part that you care about, how to keep this from happening. Unfortunately, pop-ups in your browser will, for the most part, always be relevant, but as long as you know how to Force Quit, you'll be just fine.

The more frustrating scam is the neighbor spoofing. It is a pain and invasive. Luckily, my good friends over at Malwarebytes recently released an application for iOS. I beta-tested their app, which is still on my phone, but it is now available in the App Store. It is subscription-based, but it is well worth the cost.

One of the best parts of the app is this simple aspect, it will alert you if a call is a suspected scammer. I received a call from a 541 area code, which is mine, and a 740 prefix, a very, very common prefix in my area. Malwarebytes for iOS alerted me on the screen of the incoming call, and after the fact, it continued to tell me in my Call History.

IMG_6626.jpg

They give you lots of options for assistance. From a Phone List Alert section to Web Protection, it has everything. It ALSO has mobile pop-up blocking.

IMG_6627.png
IMG_6629.png

I can't recommend this app enough, and no, they are not paying me for this. It is fantastic, and I am very happy with it.

Lastly, how are pop-ups and neighbor spoofing related? Well, they both have a lot to do with call centers utilizing Call Optimization. According to research by Symantec, scammers have been utilizing scripts to find out what kind of browser you are using, as well as utilizing call optimization to dynamically insert phone numbers into the pop-up itself. The script to find the browser is quite easy to write.

// first check the browser. Is it Firefox, Safari, etc?
if (browserTpye=='isFirefox)
{
    if(browser.version >= 57) // what version of Firefox is it
    {
        document.getElementbyId("fr_mozilla_html").style.display="block";
        document.getElementbyId("fr_ie_html").style.display="none";
        document.getElementbyId("fr_safari_html").style.display="none";
        window.location.href="assests/eng_ff_auth.html?" + sPageURL + "&p_num=" + phone_number; // insert phone number
    }

    else
    {
        document.getElementbyId("fr_mozilla_html").style.display="block";
        document.getElementbyId("fr_ie_html").style.display="none";
        document.getElementbyId("fr_safari_html").style.display="none";
        $("#fr_mozilla_html").load("assests/eng_ff.html");
    }

Then you just have a script that assists in the Call Optimization.

  Call Optimization Service Script (Source: Symantec)

Call Optimization Service Script (Source: Symantec)

Well, I know it was a long blog, but I hope you got a little insight into how some of these scams work. Also, if you haven't read our 12-steps to avoid scams in our Corvallis Scams blog, make sure you check it out.

Take care and safe browsing!