“Please stay on the line” : A cautionary tale

While at dinner yesterday, I heard about a particular scam that’s doing the rounds, and felt I should really share it as far and wide as possible.

A friend of a friend received a phone call. In the UK. On his home phone number. A landline.

The call was from the police. And the call was simple.

“Good evening. This is X calling from Police Station Y. We’ve apprehended some youths who had an inventory of cloned credit cards with them. Your details were amongst them. We recommend you call your card fraud unit immediately to report the clone and to cancel the cards.”

So this friend of a friend immediately took out his cards, looked up the fraud number, called them, and then went through the formal rigmarole of identifying everything possible about him, sharing confidential details.

All well and good.

Until that card was emptied of all value.

Because he hadn’t been speaking to the fraud department.

And he hadn’t been called by the police.

The call from the “police” was a scam. And when that call “finished”, they didn’t hang up, they just stayed on …. silent. So when he dialled out to the fraud department, he wasn’t dialling anyone. He was just pressing digits. And when he got through to the fraud department, he was talking to the fraudsters.

Who helped him divulge all the confidential information they would need.

And then helped themselves to his funds.

That’s all she wrote. I suspect this only works on landlines; I suspect the process described is very UK-centric. But it sounds too easy to fall for.

Hence this post.

8 thoughts on ““Please stay on the line” : A cautionary tale”

  1. So many scams around. I had one the other day from a friend. He sent an email to say he was in Manilla and his bag had been stolen, the embassy had given him a duplicate passport but he needed money to pay his flight home and pay his hotel bill. I emailed him back and told him to give me the hotel phone number as his phone had been stolen. He replied to say his flight was leaving and the hotel wouldn’t let him leave without paying and to send the money by direct transfer as it was so urgent. I smelled a rat, but I couldn’t put my finger on it. Many people could be conned by this one too? It did sound very real. But not real enough. I didn’t send any money, but I had 4 emails in quick succession from him which all sounded like they were actually from him. I think we all have to take care, the pickpockets that abounded in Dickens time now roam the ether.

  2. Never easy to think you’ll be caught out by scam until afterwards. RMAS used a similar guise to teach Friend or Foe — make you emotional (drop your guard) bam!

  3. I found an interesting one back when I was trying to get a puppy. I found an advert from someone claiming to be a breeder getting out of the game and that they had a full litter of border collies.
    I had answered a few ads already so didn’t really see anything wrong in this.
    They emailed back asking me to fill out a questionnaire (quite comprehensive) about where I lived, my situation etc. It all seemed quite genuine and exactly the sort of thing you would do to weed out potential owners.
    After I passed this ’round’ they informed me that they lived on the Shetland Islands but knew a good firm would could get the dog to me for about £200.
    This is when I thought things were a bit dodgy. Their use of English seemed a bit off, so I used google earth to check the address they’d given me to find it was on an industrial estate. Could still be genuine?
    I checked the shipping company and their website looked a bit old and a bit ‘off’. So I did a whois on the domain and found it was registered to an address in Nigeria.

    After that I did some checking and there seems to be a lot of these subtle scams out there, mostly posted on boards like craigslist etc. I’d imagine a fair amount of people get sucked in and it doesn’t get reported as much as most people would be embarrassed to admit it.

  4. Not a UK-only issue, JP. One of my female Chinese neighbours got a call from the local Shenzhen police just before Christmas. Her bank account, she was advised, had been compromised. A policeman would come around to help her. He duly arrived and suggested he accompany her to the cashpoint where she could take her cash out and he would take it to the police station for ‘safekeeping’. He even gave an ‘official receipt’ for the cash. She went to the police station the following day to ‘withdraw’ enough cash to go shopping. She didn’t get to go to the shops.

  5. Heard this one recently too, was on the internal security forums,
    Very worrying, most people stop thinking rationaly if they are told they have been skimmed, so miss things like dial tone, etc.
    Seen other reports of cards skimmer on train ticket machines, etc,

  6. I’ve heard that sometimes the scammers play a dial tone recording when you hang up so that when you pick up again to call your card provider, you hear exaclty what you’d expect, further lowering your guard.

  7. The insecurity of land lines is legendary. They were never designed to be private.

  8. In my opinion in most of these cases, the culprits must be collaborating with people working at the local exchange carrier or be able to bridge their wiring right into the local loop (roadside cabinet, MDF).
    I remember back in the ’90’s when there was a wave of premium rate fraud going on using innocent peoples analogue lines, someone would simply connect a cheap dialer or a whole rack unit of dialers into the local loop (in building/curbside MDF or at the local exchange…) and merrilly dial away to PRN’s charging CHF 50 a call… Millions in damage, however the LEC had to bite the bullets and not the customers as they were responsible for the integrity of the loop. In this case it should be the same, they will either have a CDR or SMDR generated by the exchange and subsequent transit exchanges with all relevant originating and terminating call info (generating the “paper” trail) OR they know they have a local breach, and if so, especially in these cases, they must be working from the local exchange CO, as I cannot imagine them being able to have a live conversation street-side.
    In principle using ones cellphone to call or call back the bank, card company or police is probably your safest bet.

Let me know what you think

This site uses Akismet to reduce spam. Learn how your comment data is processed.