I recently started receiving a voicemail message, arriving at about the same time each day. In the message, someone claims to have an "important message" for me and leaves a number for me to call back. I figure that it's a spam phishing call, but I am not sure how to respond or get the messages to stop coming. What's your advice?

    Requires Free Membership to View

    Login

Well, it certainly could be an example of phone-phishing, an evolving trend today. (About a year ago, I wrote a brief article that addressed VoIP phone phishing attacks.) You could choose to ignore the calls, but such things often pique my curiosity. To investigate and find more information, you should use a public payphone. You remember payphones, don't you? In ancient times, people used coins to pay for public phone calls. If you look in your local shopping mall (or the Smithsonian museums), you likely can still find a coin-operated payphone.

Call the number from the payphone and see who or what answers. But, do not give away any information about yourself. Don't reveal your name, phone number or anything else. Don't even provide them any numbers that were left in the voicemail that you received, unless you want to take your experiment to the next level.

Now, if you do want to go to the next level, you may want to type in a number that they have likely left for you in your voice mail, a reference number that the phishers have no doubt associated with your telephone number as they dialed it. That way, they can track who calls back. But, if you do type that number in, you are identifying your own phone number as someone who will respond to such solicitation. Typing in these reference numbers may help you get more juicy tidbits about what their goal is, but you also may start getting even more of these voice messages as a result. It's up to you to determine if you want to take the chance.

As for stopping the calls… good luck. That can be very difficult if you don't know what organization is making the calls. You can report the activity to the Federal Trade Commission as a possible violation of their Do Not Call list. If you haven't already, you may want to register for the federal Do Not Call list. The commission may even investigate your complaint. Without the name of the organization that is calling you, however, the FTC won't have much to go on.

More information:

  • Learn some defensive measures for new phishing tactics.
  • Read an excerpt from Hacker's Challenge 3: Big Bait, Big Phish.

    • This was first published in July 2007

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.
      Back to top