Here are some security hot takes for the week. These are random bits and pieces, but they point to some (hopefully) valuable insights.
One Security Hot Take: The Chinese Language Spam Call
The first security hot take is about spam calls. I’m sure you receive them as well. I get about two per day on my mobile number and another 2-3 per day on my office number. I don’t answer calls from numbers I don’t recognize, and the spammers rarely leave a message. So, these are easy to dispose of.
One spam caller does leave a message, in Cantonese or Mandarin. Since I don’t speak the language, I don’t know what the message is about. At least, I didn’t until today. Today’s caller left a message, which my iPhone transcribed into English. Voila!
Hello, this is a notice from the consulate general of the People’s Republic of China in United States. You have an important document that has not yet received today is the last notice please contact us give me a call…
I would guess that once I call the Consulate, they’ll ask me for some personal information before shipping off my “document.” I can imagine being a recent immigrant and thinking that this message is serious.
The Stupid-Criminal Spam Call
The second security hot take was the spam caller whose Caller ID was NOT IN SERVICE. Yeah, going to take a wild guess that the number isn’t legitimate.
The “You’re Going to Jail” Spam Call
The third security hot take was more elaborate. I received a call from Caller ID UNKNOWN, which I didn’t answer. The person left a detailed message, including a toll-free callback number. They stated that a relative was about to be served for a past-due debt and I should call them back right away. My wife received the same message and did call them back. The agent had a lot of personal information:
- Social Security Numbers (in full) for me, my wife, and our relative
- The home address for our relative
- Our full names
The agent also said they worked for a law firm that was handling the debt collection: Hudson Rossmore. That was the clue I was looking for.
When I searched on the law firm’s name, the first result was not the law firm’s website (a warning flag). What I did get was an FTC article about phantom debt collectors that are impersonating law firms. Sure enough, the firm of Hudson, Rossmore was mentioned by several commenters.
The second link (from 800Notes, one of my favorite tools for checking on phone numbers) had several comments about this spurious law firm as well. Apparently, they’ve been cycling through several toll-free numbers.
Judging from the comments, I’m guessing that this operation is accessing records associated with debt collection and then constructing these calling campaigns to collect money over the phone. It seems unlikely that they could randomly put information together about a debt. Then again, the cost of making these calls is pretty low, so who knows.
My Favorite Security Hot Take: The Gift Card Scam
The last security hot take is happening as I write this. I received an email from my boss, Georg.
Those of you who’ve received these kinds of emails know what happens next. In my case, they’re asking for Google gift cards.
Let’s review a couple of the “tells” in this message.
- The email address (a Gmail address) doesn’t match the Display Name.
- The attempt to compel me to act now, without asking anyone.
- The “I can’t talk” message, encouraging me to interact via email.
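The three tells above can be checked mechanically. The sketch below is an added example, not something from the original email or from CGNET: the staff directory, the addresses, the phrase lists and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed staff directory: display name (lower-cased) -> real address.
STAFF = {"georg example": "georg@example.org"}

PRESSURE = re.compile(r"\b(urgent(ly)?|right away|asap|immediately|between us)\b", re.I)
AVOID_VOICE = re.compile(r"\b(can'?t|cannot)\s+(talk|speak|take calls?)\b", re.I)

def find_tells(raw):
    """Return the tells present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    tells = []
    # Tell 1: a known colleague's name on an address that is not theirs.
    real = STAFF.get(" ".join(name.lower().split()))
    if real and addr.lower() != real:
        tells.append("display-name-mismatch")
    # Tell 2: pressure to act now and keep it quiet.
    if PRESSURE.search(text):
        tells.append("pressure")
    # Tell 3: steering the conversation away from a phone call.
    if AVOID_VOICE.search(text):
        tells.append("avoid-voice")
    return tells

# Constructed sample messages.
SPOOFED = """\
From: Georg Example <georg.office77@gmail.com>
Subject: Are you at your desk?

I'm in a meeting and can't talk, so reply here.
I need some Google gift cards purchased right away. Keep this between us.
"""
LEGIT = """\
From: Georg Example <georg@example.org>
Subject: Thursday agenda

Here is the agenda for Thursday's staff meeting.
"""

if __name__ == "__main__":
    print(find_tells(SPOOFED))
    print(find_tells(LEGIT))
```

The display-name check only fires for names in the directory, so it catches impersonation of known colleagues and stays quiet for ordinary outside senders.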
I won’t bore you with the rest of my interactions with “Georg.” Let’s just say he’s OK if I want to buy more gift cards. He also doesn’t want me to bother getting the CFO’s approval for this transaction.
Fortunately for me, images of Google gift cards are easy to find 😊
Some Basic Anti-Phishing Advice
My last security hot take is an article I found on ways to protect yourself from phishing attempts. If you’ve been through any security training (from me or others) this will be old news. But there’s always another person out there who needs some education, so I share the article in that spirit.
I’m the VP of Global Services at CGNET. I manage our Cybersecurity and Cloud Services businesses. I also provide consulting and handle a lot of project management. I wear a lot of hats. Professionally, I’m a builder of businesses. Outside of work, I’m a hobby farmer, chef, skier, dog walker, jokester, woodworker, structuralist, husband and father.