Cybersecurity blog header

Telephone scams impersonating telecommunications or electricity companies: Latest trends

- Ciber 4 All Team
Telephone scams impersonating telecommunications or electricity companies are commonplace

In recent years, there has been a proliferation of telephone scams impersonating telecommunications or electricity companies to obtain data or gain illegitimate access to accounts

Have you received a call supposedly from your internet provider about a problem with your router? Or from an energy company trying to get you to leave your current supplier? Telephone scams impersonating telecommunications or electricity companies have been on the rise recently. Why?

Citizens and professionals are increasingly wary of other channels for launching social engineering campaigns, such as SMS or email. Listening to a person on the other end of the phone, on the other hand, generates more trust and is therefore less likely to arouse suspicion in the victim.

What are the key elements of telephone scams that impersonate telecommunications companies? What are the malicious actors behind them looking for? How can we avoid falling victim to these scams? What are large telecommunications and electricity companies doing to stop identity theft?

Below, we discuss some of the latest trends related to telephone scams impersonating telecommunications and electricity companies.

1. Consumer data theft is at the root of many telephone scams that impersonate telecommunications companies

What is the origin of telephone scams that impersonate telecommunications or energy companies? The theft of customers’ personal data from companies or the purchase of such data on a marketplace on the Dark Web.

A quick glance at cybersecurity news shows that personal data leaks from consumers and companies are constantly being made public.

This is because one of the usual targets of cyberattacks against companies is the theft of their customers’ personal data: full names, identification numbers, email addresses, phone numbers, etc.

This type of information can be used to:

  • Extort companies and force them to pay a ransom in exchange for not releasing the stolen data.
  • Launch fraud campaigns against people whose data has been stolen.
  • Sell personal data packages on the Dark Web so that other malicious actors can launch fraudulent campaigns.

This is how cybercriminals can find out our phone number, our cell phone number, and even our ID number, and use this information to launch telephone scams that impersonate telecommunications or electricity companies and gain our trust.

Why do they choose to impersonate these types of companies? All citizens and businesses have a telecommunications and electricity provider. This means that telephone scams impersonating telecommunications or energy companies can be carried out against millions of people and businesses.

Fraud against businesses and citizens is becoming increasingly sophisticated and difficult to detect

2. What are the basic elements of telephone scams that impersonate telecommunications companies?

If access to personal data is one of the pillars on which telephone scams impersonating telecommunications companies are based, the other basic pillar is the deception itself. The criminals’ story must be robust enough so that the victims do not become suspicious, and they can achieve their objectives.

What elements do malicious actors use to set up telephone scams that impersonate telecommunications companies?

  1. Impersonating a company that is well-known to consumers and businesses. There are only a few players operating in the telecommunications or energy sectors, and everyone knows who they are. This makes it easier for the recipient of the call not to doubt its veracity, as they are familiar with the company that is theoretically calling them. Malicious actors can even use techniques such as call masking to make it appear that calls are coming from the impersonated companies.
  2. Sense of urgency. A basic ingredient of any social engineering campaign is to alarm the victim by referring to a problem that must be solved as quickly as possible. For example, problems with paying the electricity bill or an incident with the router.
  3. Financial opportunity. Many telephone scams that impersonate companies seek to deceive their victims by focusing on a potential financial benefit. For example, by offering them an attractive deal or informing them of a false increase in their supplier’s bill.
  4. Use of private information about the victim or the service they have contracted, obtained through illegitimate channels, to dispel any doubts the consumer may have about the origin of the call.

3. Types of telephone scams impersonating telecommunications or energy companies that are on the rise

In recent months, public authorities and companies in these sectors have warned of various telephone scams impersonating companies:

  • The double call. A consumer or a company receives a call supposedly from their telephone company. They are told their rate will increase significantly. A few minutes later, another call comes in, this time from a competing company offering a more affordable rate. Neither call is real. The goal is to get the victims to provide financial information to make the theoretical change of the company.
  • The router scam. A few months ago, the National Police of Spain issued a warning about this type of scam. How does it work? A malicious actor impersonates a telecommunications company and informs the consumer about a supposed problem with their router, the need to replace it due to obsolescence, or the possibility of optimizing the service. What is the purpose? To get the victims to authorize a change of company or provide real verification codes from their providers, sent by SMS or email, to access their accounts. In this way, criminals gain control of victims’ accounts and request changes to companies’ accounts or view billing information.
  • The change of company scam. This is similar to the previous scam type. Cybercriminals pose as internet or telephone providers, or energy marketers or distributors, with the excuse of offering a change of company due to a problem with the current one, or to refer to an offer. The aim is to gain access to the customer’s legitimate account or obtain financial information that can be used to commit financial fraud. Both energy and telecommunications companies warn about this type of telephone scam.

4. What consumers can do about telephone scams that impersonate telecommunications companies

When it comes to fraud against citizens, experts always emphasize the need to act with caution and common sense. In addition, it is also advisable to:

  • Never provide personal and financial information, passwords, or verification codes during a phone call.
  • Hang up at any sign of fraud, block the number, and inform your bank if you have provided financial information.
  • Call the customer service department of the company you are a customer of, using a verified phone number, to verify the information provided in a suspicious call (e.g., problems with a router, a rate increase, etc.).
  • Do not visit any website whose URL is provided during the call to verify the accuracy of the information.
  • Remember that companies do not request personal data, let alone financial information, over the phone.
  • Ask the caller to provide information that allows you to verify the call is legitimate. For example, accurate information about the services you have contracted.
Telephone scams that impersonate telecommunications companies harm these businesses

5. How companies can fight campaigns that impersonate them

One key characteristic of telephone scams impersonating telecommunications and energy companies is that these companies are also victims of these criminal activities.

After all, malicious actors impersonate them, undermining consumer and business trust in their customer service and marketing.

That is why large companies in these sectors invest significant resources in:

  • Informing, training, and raising awareness among their customers about telephone scams, phishing, and other social engineering techniques.
  • Fraud investigation and analysis services to protect their brands and services, and put an end to malicious campaigns that impersonate them. These types of cyber intelligence services are essential for:
    • Achieving early detection of scam campaigns.
    • Analyzing how they work and monitoring their evolution.
    • Gathering evidence.
    • Implementing countermeasures to put an end to fraud campaigns and prevent them from being successful.
    • Providing forensic support in court.
    • Adapting detection and response mechanisms to the continuous evolution of the techniques, tactics, and procedures of malicious actors.
    • Contributing to the design of fraud prevention policies and the development of recommendations for clients.

6. Why is training and awareness in companies about the risks of social engineering important

Although we think that telephone scams that impersonate telecommunications or energy companies are always aimed at ordinary citizens, the truth is that this is not necessarily the case. Professionals and companies can also be victims of fraud.

In fact, malicious techniques targeting the business world, such as CEO fraud and fake job offers, are constantly evolving.

It is therefore essential that all organizations, regardless of size, are aware of the threat posed by social engineering techniques and invest in raising staff awareness and training.

Social engineering tests play an essential role in this task. These types of tests simulate real attacks to test whether professionals can detect deception and avoid dangerous actions, such as providing verification codes over the phone or entering credentials to access the company’s bank account.

In addition, social engineering tests are key to raising professionals’ awareness of the risks they face and encouraging them to implement best practices that strengthen their organizations’ security.

7. Conclusions

In short, in recent years, there has been a veritable wave of digital fraud targeting citizens and companies, fueled by the theft of information from companies and public administrations.

Malicious actors are constantly innovating to perfect their techniques and tactics and make their scams believable.

Telephone scams that impersonate telecommunications or electricity companies show that a simple phone call can cause serious problems and open the door to financial fraud.

Implementing good cybersecurity practices in our daily lives and always acting with caution is essential to combat scam attempts.