A new kind of Voice Phishing is circulating – the ‘can you hear me?’ phone scam has been reported in US, UK, and Australia. This is a little different to the traditional Vishing or Voice Phishing methods that directly attempt to steal account credentials and personal information.
The scammer records the victim’s voice and it begins with a call from a scammer impersonating a representative from a legitimate organisation that may be familiar to the recipient, like a bank or utility.
After the introduction, the scammer asks the recipient whether they can be heard clearly, and then records the consumer’s “yes” response in order to obtain a voice signature.
The intention, according to the US Federal Communications Commission, is to use this voice signature to later authorise fraudulent charges by telephone.
The caller may ask it several times, to which most people on the other end would reply with ‘yes’. The scammer then records the ‘yes’ response and ends the call. That recording of the victim’s voice can then be used to authorize payments or charges in the victim’s name with voice recognition. Because it is the person’s voice authorizing transactions, it makes it hard to dispute later if a victim claims they have been scammed.
Using recording technology and potentially automating the system may allow the criminals to target large volumes or end user customers and stealing their “yes” response to the basic questions.
The level of threat does seem low as over the phone transactions require further forms of verification or authentication. However, this does show a new kind of voice phishing and quite a novel way of exploiting the unsuspecting victim with some recording technology. As identity theft and relate fraud is often a blended threat with multiple components, this “yes” recording may provide another piece of puzzle for the criminal.