Security news17 January 2007
UK 070 phone numbers exploited by email lottery scammers
Sophos has revealed that criminals running email lottery scams are exploiting 070 personal numbers in the UK in their attempt to defraud internet users. While these numbers have genuine honest and practical uses, their general availability makes them a perfect tool for cybercriminals looking for financial gain.
Email lottery scams typically claim that recipients have been selected to receive a large cash prize, and that the fortune can be collected once the victim has revealed confidential information, including their bank details. In an attempt to reassure recipients that their lottery win is genuine, these emails often contain a contact phone number.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have revealed that British 070 numbers are the second most commonly used telephone numbers in these scams. US-based telephone numbers top the list.
Known as 'personal numbers', 070 numbers look like mobile phone numbers, but can actually be easily redirected to any number anywhere in the world. In addition, 070 numbers can be acquired for free, as higher charges are paid by the caller to use them. This means that anyone can quickly and cheaply acquire multiple phone numbers for business/personal/new friends, all of which redirect or divert to the same mobile phone or landline.
A recent email scam using an 070 personal phone number.
"Internet scammers are scooping up these free 070 personal phone numbers, redirecting them overseas, and posing as British lottery officials. They can easily cycle through a bunch of these 'throw-away' numbers, using them to con innocent victims into revealing confidential information that can then be used to empty bank accounts and commit identity theft," said Graham Cluley, senior technology consultant for Sophos. "The fact that these numbers are readily available has propelled Britain to a shameful second place in this scam chart."
Many new lottery scams using 070 personal numbers are seen each day. One recent example claimed to be a communication from the United Nations working with the World Bank, and indicated that US $17.5 million was ready to be released into the email recipient's bank account.
"With 070 numbers, callers have no way - short of persuading the 070 service provider to tell them - to determine where their call ends up. They may think they are speaking to an official in London, when really they're on the phone to a scammer in Lagos," continued Cluley. "Everyone should be extremely suspicious of any email, fax or letter they receive telling them they have won a major prize in a lottery as they may be left with an empty bank account."
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of spam, spyware and malware. In addition, employees should be educated about the importance of safe computing.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
