Imagine if you will, that it is three o’clock in the morning and you are sleeping peacefully—until your mobile phone rings. You fumble for a moment as you wake up enough to answer the call. Even though the CallerID says “Unknown”, it must be an important call as it is three o’clock in the morning, right?

Did I forget to mention that it is Saturday morning?

You say “Hello?” and are greeted by a robotic sounding woman’s voice that replies “Your Velocity Credit Union” ATM card has been de-activated because of fraud, Press ‘1’ to re-activate your card.” This was my recent experience.

I pressed ‘1’, in the hopes of reaching a real operator, who could tell me more about the fraud that had de-activated my ATM card. As I pressed the button, I thought to myself, “Hey wait, I don’t have a Velocity ATM card.”

While I am pondering if the automated voice was really referring to my MasterCard, I hear the other side of the call disconnect. As I fall back to sleep, I wonder if the call was a real issue or a scam.

I came to a conclusion that it was a scam when the automated system called me again on Sunday at five o’clock in the morning. I was once again greeted with the sound of the other side disconnecting after I pressed ‘1’.

I had heard that the scammers out there had begun to use phone calls to phish for banking information, graduating from emails and the web. But until that Saturday, I had not experienced it personally.

Working in telephony for the last 11 years, I have witnessed telephony technology get easier to work with and cheaper to acquire. In the last few years, more and more SaaS based telephony offerings have become available.

I have to say that I am upset that these advances in telephony technology are being abused by scammers, tarnishing the industry and inevitably appearing on the evening news.

The phone scammers called me one more time. This time at nine o’clock on Monday morning. I was delighted to not hear the oh-so familiar disconnect when I pressed ‘1’ this time. I was instead asked to enter in my 16-digit ATM card number.

I decided to test the scammer’s system to see how advanced it was. I first decided to press ‘9’ sixteen times. Their system was advanced enough to know that this was not a valid ATM number.

Guessing that they were doing basic card authentication, I next pressed “4” and followed it by fifteen “1”s. This is the standard fake VISA card number that folks are instructed to use when doing test e-commerce transactions.

Their system read back the numbers I entered in. The odd thing was that the voice speaking back those fake VISA digits was not robotic nor was it female. It was a male voice with a slight accent, possibly Australian.

I find it funny that the scammers implemented their system using text-to-speech for the majority of their prompts, but the routine reading back the digits was in a different voice, quite possibly the programmer’s own voice.

After hearing all sixteen digits I was presented with the option to accept the digits I entered. After accepting the digits, the scammer’s system then asked me for my expiration date and pin number. Each time the same male voice read back the digits I had entered.

I am very curious about which technology the scammers used to build their automated phone phishing system. I called Velocity and let them know I had received a scammer call asking about an ATM card that I am fairly certain I don’t have. The security tech I spoke with thanked me for the level of detail I provided and reminded me that Velocity will never call me with an automated system.

I hope that the scammers find their phone phishing efforts to be fruitless. I would hate to see a few bad apples tarnish the emergence of a very promising Voice SaaS industry.

No related posts.