2024-10-21 05:00:00
www.welivesecurity.com
Scams
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
21 Oct 2024
•
,
5 min. read
In our hyper-connected world, technology has transformed the way we communicate, enabling us to connect with anyone, anywhere, at the touch of a button. One of the most popular services to take advantage of the near ubiquity of high-speed internet coverage is Google Voice.
But with any popular digital technology, there are usually risks. In this case, scammers have for years been tricking users into providing access to accounts, which can then be used in follow-on fraud. Indeed, Google Voice schemes accounted for no less than 60 percent of all scams reported to the Identity Theft Resource Center (ITRC) in the US last year. It’s time to wise up.
How do Google Voice scams work?
Google Voice is a free voice-over-IP (VoIP) service that allows you to set up a virtual phone number linked to your Google account. With it, you can record voicemails, send text messages and exchange voice and video calls – all free of charge. Even better, it links to your mobile or landline number, so that when someone calls the Google Voice number you can pick up using your physical handset. That makes it a handy way of keeping your real phone number private.
RELATED READING:
Why scammers want your phone number
Hello, is it me you’re looking for? How scammers get your phone number
However, Google Voice numbers are also in high demand from scammers, who use them to perpetrate digital fraud and other offenses. The classic Google Voice scam goes something like this:
- Setting up a Google Voice account. The fraudster downloads the Google voice app and links it to a Google account, much like anyone else does.
- Posing as buyers or sellers. They look for a victim online, often posing as a prospective buyer or seller on a site like Facebook Marketplace or Craigslist. They will pretend to be keen on an item you’re selling or be interested in selling/renting out to you, but claim that they need to make sure you’re not a scammer or a bot. Some fraudsters may begin the scam by replying to online posts about missing pets, which may contain the phone number of an anxious owner.
- Requesting a verification code. The fraudster will tell you they’re going to send a Google ‘verification code’ or similar to your device, and ask you to forward it in order to set their fears to rest. As is their wont, the scammers can be pretty persistent.
- Using your number for fraud. However, the code is a two-factor authentication (2FA) code that Google requests to secure logins and onboarding for Google Voice users. Once you forward the code, the fraudster is able to link that account to your number, and then start using it for various types of criminal activity. The code itself will come from Google, so it is legitimate. What is not right, however, is the scammer asking you to forward it to them.
The bigger picture
So what happens next? The scammer will probably remove your personal number from the account to reduce the chances of you discovering what they’ve done, and link it to their own. Then they may do one of several things:
- Sell your Google Voice number and account to other scammers
- Place vishing calls designed to scam victims, using your Google Voice account
- Embed your Google Voice number into email phishing or smishing messages
- Use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams
- Use the Google Voice number and spoofing software to call or text your family and friends, asking for emergency funds
The FTC also warns that sometimes the fraudster will try to obtain personally identifiable information from you as well as carry out the Google Voice scam. If they do so, they may be able to impersonate you in order to open new accounts in your name, or access existing ones.
It’s worth remembering that generative AI and deepfake software could be used in conjunction with some of the above scams to impersonate others in a highly realistic way.
How to stay safe from Google Voice scams
The easiest way to avoid a Google Voice scam is to immediately cease communicating with anyone who requests that you ‘authenticate’ by sharing with them a Google authentication code.
Texts and voice messages sent from Google, banks and other legitimate organizations are clearly identified as intended solely for your use, and must not be shared with any other person. They are designed to keep your accounts secure, not to enable a third party to access them.
If you’re buying or selling items on a digital platform, and the person on the other end of the transaction is still keen to prove you’re not a bot or a scammer, there may be other ways to validate your identity. Take a look at them – at the very least it could call the bluff of a would-be fraudster. And at best it may help to progress the transaction. If they suggest taking the conversation off that platform and onto WhatsApp or a voice call, that should be a red flag.
What to do in a worst-case scenario
If you realize you’ve been the victim of a Google Voice scam, there’s a dedicated page designed to help you reclaim your Voice number. Any number removed from the account can be re-added within 45 days, according to Google.
Also, submit a complaint to the FTC at this address and consider filing a report with your local law enforcement or IdentityTheft.gov, particularly if your personal information has been compromised.
There’s a cyclical element to a great deal of online fraud. It’s true in the case of social media users, whose accounts are hijacked and used to send out messages designed to dupe others into falling for scams. And it’s also the case with Google Voice scams, where threat actors trick users into handing over account access, in order to scam others. User awareness is the best way to break the cycle.
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.