The latest phishing scam is targeting parents, and manipulating them into thinking that their children are in trouble. We’ve taken a look at this nasty phishing scam, and how you can make sure that you don’t fall for it.
What is a phishing scam?
A phishing scam is a text, email or phone call pretending to be from someone that you know, such as a bank, a business or in this case a family member, for the purposes of extorting money or information from you, the victim. There are a number of different terms used; visching for telephone scams, smishing for sms or text based scams, but phishing is often used as an umbrella term as the perpetrators are ‘fishing’ for your details.
In the past couple of years we’ve seen a move away from the more well known phishing scams; emails pretending to be from a subscription service like Netflix or Amazon used to hit our inboxes fairly often, but seem to have fallen out of fashion. They’ve been replaced with scams that are more likely to pull at our heartstrings, and they seem to be far more effective at getting victims to part with their cash.
The ‘Mum, it’s an emergency’ scam
This scam started doing the rounds as early as February 2022. It starts with a text from an unknown number, usually communicating that there’s been some kind of accident which has left their phone unusable and asking the recipient to text a different number directly. However, we’ve also seen a ‘slow burn’ version of this scam, where the phisher’s opening text simply says that they have a new number and leads up to the emergency later.
In the version we received, the message read, ‘Hi mum I’m texting you off of a friend's phone I’ve smashed mine and their phones about to die, can you WhatsApp my new number [number redacted] please it’s important x’. In this message the phisher sets themselves up as the child, and doing so means there’s no need to know the parent’s name. It also gets the recipient (the parent) to panic by suggesting this state of emergency, which means the victim is going into the conversation with the phisher without thinking clearly.
Once the victim has reached out to contact the phisher, they might engage in some conversation about the incident before asking the victim for money. This is usually requested via bank transfer, with the phisher claiming that they ‘don’t have access to their bank account’ or ‘owe a friend money’ to explain why the funds are being sent to a new payee. The victim often only realises that they’ve been scammed when the real child reaches out, and has no knowledge of the emergency or the payment.
How can we tell it’s a scam?
The reason that this scam has been so successful is that it is believable. Within the set-up, there is an explanation for why the phone number is different, why the bank account is different, and even why the phisher isn’t referring to the victim by name. However, there are some holes in this phishing scam, if you look a little closer.
On a second reading, this setup doesn’t make any sense. If we take the phisher at their word, then their phone is out of action, their friend’s phone is about to run out of battery, so you should contact them through a different number. If they are able to text through this different number, it would follow that they’d message you from that number directly.
How can you stay safe?
One of the ways you can keep yourself safe is by checking your social media accounts, and making sure that your information is private. If your profiles can be found by anyone, scammers can use this information to convince you that they are someone that you trust. Family relationships are easily accessed on Facebook, and they’re a gold mine for phishers.
You can also set expectations with your children, and anyone you support financially, with how you’ll send money in an emergency situation; a security question is good, but a phone call is better. For this scam, it’s incredibly easy to check whether the phisher is telling the truth - speak to your child before sending any money. If they refuse to speak to you, do not transfer any funds - it’s likely that you’re speaking to a phisher.
Tweet us @TranscenditUK