A woman in Arizona received a call from an unknown number recently. When she picked it up, she heard her daughter's voice who was sobbing and crying for help. A man on the other end said that her daughter has been kidnapped and demanded a ransom. A few minutes later, it was found that her daughter was safe and it was all part of an AI phone scam, faking her daughter's kidnapping. Recounting the terrifying experience, the woman said, "It was completely her voice. That’s the freaky part that really got me to my core."
This is just one example of how powerful, well-equipped and trained the fraudsters are getting day by day, with the help of technology. Among other cybercrimes, phishing and online impersonation scams are on the rise with scams such as the HDFC scam, CEO fraud and work-from-home scam frequently making it to the headlines.
With the increasing prevalence of these scams and the adoption of sophisticated techniques and tools by scammers, protecting oneself against such fraudulent activities is becoming increasingly challenging. Experts believe that it is of utmost importance to stay vigilant and know about the channels and mediums that can be used to extract personal information, data or money from you. We look at different kinds of apps and tools that are commonly used by scammers.
SMS Forwarding Apps
Speaking to BOOM, cyber crime consultant Rupesh Mittal explained that scammers usually use the conventional way of impersonation, where they call pretending to be a bank official, or from a helpline number and ask for personal and sensitive information. "Since there has been a lot of awareness of why one shouldn't share their OTP, cybercriminals have become very smart. Now instead of asking you for an OTP directly, they will ask you to install certain SMS forwarding applications, and from that they may receive the OTP," he said.
There are multiple apps available online such as AutoForward Text, SMS Forwarder and PhoneLeash that allows one to automatically forward text messages, and WhatsApp messages to email and other phone numbers. Scammers might ask victims to install these apps to track the progress of the complaints and one might give certain app permissions in the process.
Screen Sharing Applications
Scammers also use screen-sharing applications to implement tech support scams, where they pose as customer or tech support representatives and reach out to their target. According to Ardhendu Sekhar Mahapatra, a cyber security content analyst, "The scammers might tell you that there is a certain issue with your account or device, and a diagnosis needs to be done. For this, they will ask you to provide remote access to your device using apps such as Team Viewer or Any Desk. Once installed, the fraudsters can access everything on their phone."
In January 2023, while generating the PIN of a new credit card, a 26-year-old civil engineer fell prey to a cyber scam and lost Rs 60,000. The fraudster reportedly asked him to download Any Desk and then instructed him to scan a QR code located on the back of his credit card.
Voice Over IP/ Voice Editing Application
In a practice called voice phishing, cybercriminals employ fraudulent phone numbers, voice-altering software, and sophisticated social engineering techniques to gain unauthorised access to sensitive or personal information. Adding to the list of tools or ways used by scammers, Mittal explains how making phone calls via the Internet could also lead to scams.
"Voice Over Internet Protocol, commonly known as VOIP uses the internet for voice calls. Through this, scammers can impersonate a number also. If I want to make a call with your number, it will look like I am calling from your phone. After that, one can use some voice-modification apps to match the frequency of anyone," Mittal added.
VOLTE is also commonly used for high-speed wireless communication and is similar to VOIP.
McAfee’s Mobile Research Team recently discovered over 60 apps containing a third-party malicious library, which can be misused by cybercriminals. If these apps are downloaded, scammers would reportedly be able to access your phone's Wifi history, connected Bluetooth devices, active apps and other information.
At times, third-party apps could be malware that can steal data from your phone. "This might not be the case always, but it isn't easy for one to gauge if an app is safe to use or not as it requires a little technical knowledge. It is, therefore, suggested to download apps via Play Store, as it is slightly safer. Play Store internally checks if an application has malicious code or not. If it somehow finds that any malware is involved, the app is taken down" according to Mittal.