Think before calling an unknown number, you will be hacked ?

Interesting security advice is being circulated these days. It says;

Apparently “many are getting a missed call from the number +17675027697. Looks like a virus where calling back this number might hack your phone or something. Be Careful !

Can this be true?

When you got a missed call, you might call the number and check who the hell it is. Or at least you in return make another missed call. Can this act lead to a hacking of your mobile? Indeed NO, it is not possible. So you can rule out the risk of being hacked. In that context the message is a bloody hoax. But yes there is a BUT, there are some risks. In fact a social engineering attacks. Being more specific, a type of vishing[1].

Well first, the attackers can deceive you with a recording, imitating that you have reached to a lottery or a draw and you have won a grand prize (most probably some dollars) and then you will be directed through some menu options to select this and that and finally may ask for you credit card details (or some personal information such as social security number{NIC in SL} etc) and so on. Or else even it is possible to request your details such as email address via voice, so that the bot can record it and convert to text. There can be endless possibilities but the main motive is to collect your personal and/or financial information.

When you respond calling back the attacker, it get to know your phone number is real. That means he earns a real phone number. Real phone numbers are expensive than a real email. He can sell it for a good price in deep web. Advertisers or even hackers are interested in such info as they can flood you with advertisements or use social engineering to exploit more info from you. What if you provide your personal info such as age, city you are live in etc. A partially complete profile of you.

Other than that an attacker can do nothing. He cannot hack you via a call as there is no way to access your mobile phone OS or any other installed application via a phone call (unless you use such an app or an OS which enables such, surely not Android nor iOS). But if your mobile is infected with a virus that enables such functions, need not to mention that, you are in a grave. But in that case I dont think the attacker will use such a dumb technique to gain control. He can simply connect the phone via internet and access your mobile and check what you are doing via the phone’s camera. Sounds like a sci-fi movie scene but this is 100% practical and possible.

No party can charge you an extra amount (other than the standard tariffs) for the call you make, unless there is an pre-agreed agreement. Even the carrier itself cannot subscribe you to a service and charge you because you called a number. If such things in place you need to be informed once the call has been answered and seek your consent/ verification to move forward.

Finally, the message seems quite exaggerated. But better you refrain calling unknown numbers, doesnt matter local or foreign. Even you called back do not give any private information unless the person on the other side is verified, May be you are not going to provide any information but simply calling back the number and hanging the line (another missed call by you in that case) hints that your mobile number is real. You may be a target of a bot generating random phone numbers with miss calls and then try to check if the number is real.

Better you worry about above facts rather than worrying about getting your phone hacked.

Ref 1 : https://en.wikipedia.org/wiki/Voice_phishing

Advertisements

Please add your valuable idea below, will make a discussion, thanks !

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s