UK 070 phone numbers exploited by email lottery scammers

January 17, 2007 Sophos Press Release

Sophos has revealed that criminals running email lottery scams are exploiting 070 personal numbers in the UK in their attempt to defraud internet users. While these numbers have genuine honest and practical uses, their general availability makes them a perfect tool for cybercriminals looking for financial gain.

Email lottery scams typically claim that recipients have been selected to receive a large cash prize, and that the fortune can be collected once the victim has revealed confidential information, including their bank details. In an attempt to reassure recipients that their lottery win is genuine, these emails often contain a contact phone number.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have revealed that British 070 numbers are the second most commonly used telephone numbers in these scams. US-based telephone numbers top the list.

Known as 'personal numbers', 070 numbers look like mobile phone numbers, but can actually be easily redirected to any number anywhere in the world. In addition, 070 numbers can be acquired for free, as higher charges are paid by the caller to use them. This means that anyone can quickly and cheaply acquire multiple phone numbers for business/personal/new friends, all of which redirect or divert to the same mobile phone or landline.

A recent email scam using an 070 personal phone number

A recent email scam using an 070 personal phone number.

"Internet scammers are scooping up these free 070 personal phone numbers, redirecting them overseas, and posing as British lottery officials. They can easily cycle through a bunch of these 'throw-away' numbers, using them to con innocent victims into revealing confidential information that can then be used to empty bank accounts and commit identity theft," said Graham Cluley, senior technology consultant for Sophos. "The fact that these numbers are readily available has propelled Britain to a shameful second place in this scam chart."

Many new lottery scams using 070 personal numbers are seen each day. One recent example claimed to be a communication from the United Nations working with the World Bank, and indicated that US $17.5 million was ready to be released into the email recipient's bank account.

"With 070 numbers, callers have no way - short of persuading the 070 service provider to tell them - to determine where their call ends up. They may think they are speaking to an official in London, when really they're on the phone to a scammer in Lagos," continued Cluley. "Everyone should be extremely suspicious of any email, fax or letter they receive telling them they have won a major prize in a lottery as they may be left with an empty bank account."

Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of spam, spyware and malware. In addition, employees should be educated about the importance of safe computing.