New Phone Scam Ties Up Businesses Phone Lines, as Scammers Target their Bank Accounts
June 30, 2010
Better Business Bureau of Southern Arizona is warning our Accredited Businesses of an emerging scam, in which con-artists tie up a business’ phone lines while they clean out the company’s bank accounts.

In a June, 21 alert, the FBI says that they’ve been receiving reports of what they call a “telephone-denial-of-service attack,” which they say involves a scammer using an automated dialing computer program to place hundreds, or even thousands of calls simultaneously to a business, effectively tying up the company’s phone lines.

According to the FBI, this is how it works:

“In a recent twist, criminals have transferred this activity to telephones, using automated dialing programs and multiple accounts to overwhelm the phone lines of unsuspecting citizens.

Why are they doing it? Turns out the calls are simply a diversionary tactic: while the lines are tied up, the criminals—masquerading as the victims themselves— are raiding the victims’ bank accounts and online trading or other money management accounts.

Here, in a nutshell, is how the whole thing works:

  • Weeks or months before the phone calls start, a criminal uses social engineering tactics or malware to elicit personal information from a victim that this person’s bank or financial institution would have—like account numbers and passwords. Perhaps the victim responded to a bogus e-mail phishing for information, inadvertently gave out sensitive information during a phone call, or put too much personal information on social networking sites that are trolled by criminals.
  • Using technology, the criminal ties up the victim’s various phone lines.
  • Then, the criminal either contacts the financial institution pretending to be the victim…or pilfers the victim’s online bank accounts using fraudulent transactions. Normally, the institution calls to verify the transactions, but of course they can’t get through to the victim over the phone.
  • If the transactions aren’t made, the criminals sometimes re-contact the financial institution as the victim and ask for it to be done. Or they add their own phone number to victims’ accounts and just wait for the bank to call.
By the time the victim or the financial institution realizes what happens, it’s too late.”

If your business encounters a similar attack, immediately find a working phone line and contact your bank to put a fraud alert on your accounts. Also, report the incident to the FBI’s Internet crime division at www.IC3.gov.