Google Voice scams: What are they and how do I avoid them?

Cyber Security

Scams

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Google Voice scams: What are they and how do I avoid them?

In our hyper-connected world, technology has transformed the way we communicate, enabling us to connect with anyone, anywhere, at the touch of a button. One of the most popular services to take advantage of the near ubiquity of high-speed internet coverage is Google Voice.

But with any popular digital technology, there are usually risks. In this case, scammers have for years been tricking users into providing access to accounts, which can then be used in follow-on fraud. Indeed, Google Voice schemes accounted for no less than 60 percent of all scams reported to the Identity Theft Resource Center (ITRC) in the US last year. It’s time to wise up.

How do Google Voice scams work?

Google Voice is a free voice-over-IP (VoIP) service that allows you to set up a virtual phone number linked to your Google account. With it, you can record voicemails, send text messages and exchange voice and video calls – all free of charge. Even better, it links to your mobile or landline number, so that when someone calls the Google Voice number you can pick up using your physical handset. That makes it a handy way of keeping your real phone number private.

RELATED READING:

Why scammers want your phone number

Hello, is it me you’re looking for? How scammers get your phone number

However, Google Voice numbers are also in high demand from scammers, who use them to perpetrate digital fraud and other offenses. The classic Google Voice scam goes something like this:

  • Setting up a Google Voice account. The fraudster downloads the Google voice app and links it to a Google account, much like anyone else does.
  • Posing as buyers or sellers. They look for a victim online, often posing as a prospective buyer or seller on a site like Facebook Marketplace or Craigslist. They will pretend to be keen on an item you’re selling or be interested in selling/renting out to you, but claim that they need to make sure you’re not a scammer or a bot. Some fraudsters may begin the scam by replying to online posts about missing pets, which may contain the phone number of an anxious owner.
  • Requesting a verification code. The fraudster will tell you they’re going to send a Google ‘verification code’ or similar to your device, and ask you to forward it in order to set their fears to rest. As is their wont, the scammers can be pretty persistent.
  • Using your number for fraud.  However, the code is a two-factor authentication (2FA) code that Google requests to secure logins and onboarding for Google Voice users. Once you forward the code, the fraudster is able to link that account to your number, and then start using it for various types of criminal activity. The code itself will come from Google, so it is legitimate. What is not right, however, is the scammer asking you to forward it to them.

The bigger picture

So what happens next? The scammer will probably remove your personal number from the account to reduce the chances of you discovering what they’ve done, and link it to their own. Then they may do one of several things:

  • Sell your Google Voice number and account to other scammers
  • Place vishing calls designed to scam victims, using your Google Voice account
  • Embed your Google Voice number into email phishing or smishing messages
  • Use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams
  • Use the Google Voice number and spoofing software to call or text your family and friends, asking for emergency funds

The FTC also warns that sometimes the fraudster will try to obtain personally identifiable information from you as well as carry out the Google Voice scam. If they do so, they may be able to impersonate you in order to open new accounts in your name, or access existing ones.

It’s worth remembering that generative AI and deepfake software could be used in conjunction with some of the above scams to impersonate others in a highly realistic way.

How to stay safe from Google Voice scams

The easiest way to avoid a Google Voice scam is to immediately cease communicating with anyone who requests that you ‘authenticate’ by sharing with them a Google authentication code.

Texts and voice messages sent from Google, banks and other legitimate organizations are clearly identified as intended solely for your use, and must not be shared with any other person. They are designed to keep your accounts secure, not to enable a third party to access them.

If you’re buying or selling items on a digital platform, and the person on the other end of the transaction is still keen to prove you’re not a bot or a scammer, there may be other ways to validate your identity. Take a look at them – at the very least it could call the bluff of a would-be fraudster. And at best it may help to progress the transaction. If they suggest taking the conversation off that platform and onto WhatsApp or a voice call, that should be a red flag.

What to do in a worst-case scenario

If you realize you’ve been the victim of a Google Voice scam, there’s a dedicated page designed to help you reclaim your Voice number. Any number removed from the account can be re-added within 45 days, according to Google.

Also, submit a complaint to the FTC at this address and consider filing a report with your local law enforcement or IdentityTheft.gov, particularly if your personal information has been compromised.

There’s a cyclical element to a great deal of online fraud. It’s true in the case of social media users, whose accounts are hijacked and used to send out messages designed to dupe others into falling for scams. And it’s also the case with Google Voice scams, where threat actors trick users into handing over account access, in order to scam others. User awareness is the best way to break the cycle.

Products You May Like

Articles You May Like

The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk
Chinese APT Group Targets Telecom Firms Linked to Belt and Road Initiative

Leave a Reply

Your email address will not be published. Required fields are marked *