Sophos has revealed that criminals running email lottery scams
are exploiting 070 personal numbers in the UK in their attempt to
defraud internet users. While these numbers have genuine honest and
practical uses, their general availability makes them a perfect
tool for cybercriminals looking for financial gain.
Email lottery scams typically claim that recipients have been
selected to receive a large cash prize, and that the fortune can be
collected once the victim has revealed confidential information,
including their bank details. In an attempt to reassure recipients
that their lottery win is genuine, these emails often contain a
contact phone number.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have revealed
that British 070 numbers are the second most commonly used
telephone numbers in these scams. US-based telephone numbers top
the list.
Known as 'personal numbers', 070 numbers look like mobile phone
numbers, but can actually be easily redirected to any number
anywhere in the world. In addition, 070 numbers can be acquired for
free, as higher charges are paid by the caller to use them. This
means that anyone can quickly and cheaply acquire multiple phone
numbers for business/personal/new friends, all of which redirect or
divert to the same mobile phone or landline.
A recent email scam using an 070 personal phone
number.
"Internet scammers are scooping up these free 070 personal phone
numbers, redirecting them overseas, and posing as British lottery
officials. They can easily cycle through a bunch of these
'throw-away' numbers, using them to con innocent victims into
revealing confidential information that can then be used to empty
bank accounts and commit identity theft," said Graham Cluley, senior
technology consultant for Sophos. "The fact that these numbers are
readily available has propelled Britain to a shameful second place
in this scam chart."
Many new lottery scams using 070 personal numbers are seen each
day. One recent example claimed to be a communication from the
United Nations working with the World Bank, and indicated that US
$17.5 million was ready to be released into the email recipient's
bank account.
"With 070 numbers, callers have no way - short of persuading the
070 service provider to tell them - to determine where their call
ends up. They may think they are speaking to an official in London,
when really they're on the phone to a scammer in Lagos," continued
Cluley. "Everyone should be extremely suspicious of any email, fax
or letter they receive telling them they have won a major prize in
a lottery as they may be left with an empty bank account."
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses
from the threats of spam, spyware and malware. In addition,
employees should be educated about the importance of safe
computing.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.