Spoofing - Do you know who you are talking to??
Updated: Jun 17, 2020
One of the spoofing scams that regularly earns a great deal of money involves the fraudster ringing the victim pretending to be a doctor at an Accident & Emergency Unit not too far away. It usually goes something like this;
Jane Hopkins is in her early 50’s, happily married with three grown-up children and living in a nice 4-bed semi in deepest suburbia.Their mortgage is small and her husband is a sales rep for roofing company. He travels extensively around the midlands in a nice company car and is secretly planning a surprise party for their 30th wedding anniversary.
Fraudster, ‘ Can I speak to Mrs Hopkins?’
Mrs Hopkins, ‘Who is this? Why are you ringing from my husband’s phone?’
Fraudster, ‘I’m Mr Richards a consultant surgeon at East Midlands General Hospital. I’m afraid I have bad news. Your husband has been involved in an accident and is seriously ill. I’ve just left him connected to the life support system. I’m really sorry to have to break the news in this way’
Mrs Hopkins, ‘Is he going to die?’
Fraudster, ‘I’m doing everything I can to save him, but I can’t promise anything.
Mrs Hopkins, ‘Tell me where you are and I will leave now’
Fraudster, ‘No, you can be more help to him from there.
Mrs Hopkins, What do you mean?’
Fraudster, As you know the NHS has had massive cuts and this has impacted on emergency treatment. I need to insert a device into his heart to maximise his chances of living. Unfortunately these devices are made of a mixture of titanium and platinum and as a result cost a lot of money - more than the NHS will fund. Ordinarily this is only done privately and not in an emergency situation, however, the choice is yours’
Mrs Hopkins, ‘What do I have to do’
Fraudster, ‘I’m happy to give my time for free but I’m afraid you need to pay for the cost of the device, which is £5,000, but it will massively increase your chance of having him back.
Mrs Hopkins, ‘I can pay that, how do I do it?’
Fraudster, ‘The supplier will not release the device to me without payment up front so I need you to transfer the money directly to them as soon as I put the phone down. The sooner you do that, the sooner I can operate and the sooner he will be back home’
Mrs Hopkins, ‘OK give me the details of the account I need to transfer the money to’
If you think that Mrs Hopkins sounds gullible, think again. I’ve seen one particular guy take dozens of victims by using a very similar script to this. Victims are shocked to their core - it’s the very phone call that everyone dreads. As a result, all rational thought goes out of the window and the decision is made using their heart rather than their head.
If a victim challenges the fraudster, the fraudster becomes indignant ‘Use your common sense, I’m ringing you from your husband’s phone. I took it out of his blood-soaked jacket. How else do you think I got your number’ Nine times out of ten, this convinces a doubting victim.
An even more ruthless approach involves the fraudster pretending to be a supply teacher at their children’s school and informing the victim (via their child’s mobile phone or even the school landline number) that their child has had a seizure in the playground. A blood vessel has burst in their brain and the surgeon needs to speak to them. The phone is then handed over to an accomplice who plays the role of the surgeon. The conversation is then much the same as the first example.
I knew a married couple with children of their own who have regularly practiced the supply teacher/surgeon scam. Having scammed someone and undoubtedly scared the living c*&p out of them, they then go outside and play with their own children or take them to some after school activity. Even to me, these people are a breed apart.
A variation on the same theme is the spoofing of an email address. Imagine this, it’s 630pm and you have just got in from work; your mobile pings to alert you that you have an email. You are starving and really can’t be bothered to do anything other than eat, however, a cursory glance at the screen changes that. You see the email headline ‘Urgent - not a scam!’ and you open it up.
The email is from your brother and from his regular email address. You have already received an email from him with a picture of him standing outside of an airport with a rucksack on his back and an inane grin on his face. You replied to him telling him not to forget you when he passes back through Duty Free in 3 weeks time. That was the last time you heard from him.
You know that your brother is currently on holiday in Turkey, and it transpires that he is now in dire trouble. He has been kidnapped by a gang who are sympathetic to IS. They intend to hand him over to them in order that they can hold him hostage - unless you pay them first. They want £10,000 paid to an account (details provided) by 9pm UK time. If the money is not received he will be handed over and they will have no further control of what happens to him.
You know the email is from your brother’s personal email address.
You know he is on holiday in Turkey.
You know he got there safely from the photograph he sent you.
You know he shuns hotels and prefers to stay in local guest houses etc.
You know that Turkey borders Syria.
You know he has a short temper and is likely to upset his captors sooner than later.
You know you have enough funds to pay the £10,000
You know you would never forgive yourself if it all went horribly wrong because you hadn’t paid.
You then get a text from his mobile phone ‘I’m in deep shit. Read your emails urgently. I promise to pay back every penny but PLEASE help. If you don’t pay I’m going to die’ You try his mobile phone but there is no reply. You transfer the £10,000.
Spoofing the telephone number and email address is simple using proprietary software. They simply select the number/email address they want to appear and your device and they are in business - and you are about to be out of pocket. Clearly there has to be a starting point for these scams, i.e. how do they know who is going on holiday? to where? and when? I’m sure you will not be surprised to hear that social media sites are a target-rich environment. There are groups of researchers who do nothing more than harvest ‘useful’ information (useful to fraudsters that is) and sell it on. You can actually legitimately buy lists of holidaymakers from market research companies and information resellers! As long as people need to evidence their lifestyle on social media, there will be no shortage of mugs (sorry-victims) waiting to be scammed.