Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Phone Scam - Other People Getting Calls from My Mobile

  • 29-06-2023 12:59pm
    #1
    Registered Users, Registered Users 2 Posts: 56 ✭✭Educate


    This week I've received calls from two people saying they got missed calls from me (my mobile number). One of them even had a voicemail saying "Hi, it's [MY NAME] calling" and they used my first name.

    I've Googled and can only really find info. on how to respond to receiving spam calls, but not what actions can be taken if my number is being used to make spam calls.

    Is there anything I can do to stop this?



Comments

  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    Stick your mobile number, in full international format (+3538xyyyyyyy), into the email field here: https://haveibeenpwned.com/

    If it says "Oh no - pwned", then your mobile number and name were in a Facebook breach in 2021.

    What's likely to have happened is that somebody called those people "spoofing" your number. Normally they try to execute some scam on the people they are calling, like saying they are from Social Protection, it has been discovered you're using your PPS number illegally and you must pay a fine before the Guards show up and arrest you. 👀

    I got a load of those type of calls in 2021 and a few more last year. I just ignored all unknown numbers calling me. One day though I got a call from a business (it's name showed up with the incoming call). I called them back and was told that I was the third person to call them claiming a missed call.



  • Registered Users, Registered Users 2 Posts: 4,957 ✭✭✭kirk.


    What does it mean if your email is in a data breach

    I see I have it on one my 2 emails



  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    There should be a description of the data breach down the page after you have searched for your email address.

    Look for the "Compromised data" at the end of the description. If password is part of the compromised data, then:

    • Change your password on that site immediately.
    • If you have used that SAME password on ANY other account, change those passwords too ... and to something NEW and UNIQUE for each account.
    • I would highly recommend you enable two-factor/multi-factor authentication on those accounts. Do this as well for any email accounts you have.

    If password wasn't part of the compromised data, then just be aware that the information that WAS compromised is out there and available for criminals to try to use against you.

    Edit to add: Enable two-factor/multi-factor on your email accounts anyway, regardless of whether your password has been compromised. If you're a gmail user, consider turning on its new passkeys capability. https://support.google.com/accounts/answer/13548313?hl=en

    Post edited by ItHurtsWhenIP on


  • Registered Users, Registered Users 2 Posts: 56 ✭✭Educate


    Interesting - didn't know you could put your mobile into that checker.

    Plot thickens. It came back as "Good news — no pwnage found! No breached accounts."

    Very strange...



  • Registered Users, Registered Users 2 Posts: 23,065 ✭✭✭✭Esel
    Not Your Ornery Onager


    ..

    Not your ornery onager



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,347 ✭✭✭Jeff2


    I wouldn't be putting my private number into anything like that as I'd feel that is how someone gets your number in the first place. That's just my opinion.



  • Registered Users, Registered Users 2 Posts: 71,113 ✭✭✭✭L1011


    That site, that specific site, is trustworthy. Plenty of others aren't.



  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    I've even registered my personal gmail account with the site ... 😱 ... 😏

    I got notified last December/January that my email address and password on Deezer were breached ... a fact Deezer couldn't be a$$ed telling me about ... though I closed my account about 7 years ago.

    The Irish National Cyber Security Centre (NCSC) is using the service to monitor Irish Government and State agency emails for the last number of years.

    One of many countries doing so.

    While I'm no longer a massive fan of Troy Hunt himself, I can't fault the service that he has built.





  • Most of us have a fair bit of data pwned. One thing about Have I been pwned is it is in itself a bit of a data breach site when you think of it. For instance you could type in my email address and find I’ve been pwned on some kinky site.





  • OP, Google “Fake Call” and you will see plenty of dodgy apps.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    Actually no, those specific "kinky" sites are classed as "sensitive" and you must prove control of the email account before you are told about them.

    https://haveibeenpwned.com/FAQs

    What is a "sensitive breach"?

    HIBP enables you to discover if your account was exposed in most of the data breaches by directly searching the system. However, certain breaches are particularly sensitive in that someone's presence in the breach may adversely impact them if others are able to find that they were a member of the site. These breaches are classed as "sensitive" and may not be publicly searched.


    A sensitive data breach can only be searched by the verified owner of the email address being searched for. This is done via the notification system which involves sending a verification email to the address with a unique link. When that link is followed, the owner of the address will see all data breaches and pastes they appear in, including the sensitive ones.


    There are presently 50 sensitive breaches in the system including Adult FriendFinder (2015), Adult FriendFinder (2016), Adult-FanFiction.Org, Ashley Madison, Beautiful People, Bestialitysextaboo, Brazzers, Carding Mafia (December 2021), Carding Mafia (March 2021), CityJerks, CrimeAgency vBulletin Hacks, CTARS, CyberServe, Doxbin, Emotet, Fling, Florida Virtual School, Freedom Hosting II, Fridae, Fur Affinity and 30 more.

    Post edited by Boards.ie: Paul on




  • If your number is being used to make scam calls, it's simply set on the outgoing Caller ID on some VoIP system.

    Unfortunately, at present anyway, there's absolutely no control over this. ComReg is working on blocking calls coming in with fake caller ID but, it's still a work in progress.

    Basically Caller ID is part of an old set of signalling protocols and they were never designed to verify anything. When another network sends in a call there are a few fields of very simple metadata, which include the outgoing phone number. The majority of phone networks will simply pass that through. It's trivial for someone with a VoIP server to spoof it.

    ComReg's currently working with the phone networks so that when anyone presents a +353 phone number, if it's not coming from an Irish network, or a network that has legitimate reasons to use one, it won't be processed.

    Basically, calls from +353 numbers shouldn't be presenting form outside the state, but for various reasons, some legitimate ones do at the moment. That's being ironed out, so that all Irish calls are going through domestic interconnects only.

    Also the mobile and fixed line networks are rapidly moving to all-IP and modern soft switches handling all of this stuff, so it is becoming a LOT easier to include that kind of filtering and analysis. The old switches were fully digital but quite old tech - 1980s/80s era stuff.

    There's also a lot more scope to provide verified connections with certificates etc.



  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    It would seem that even Troy Hunt (him off HaveIBeenPwned) is also experiencing the same issue the OP has:




  • Registered Users, Registered Users 2 Posts: 4,957 ✭✭✭kirk.


    I beefed up security on email and amazon

    I get text verification when logging into Paypal

    Would I need to upgrade to 2-factor security in the website?



  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    I don't know what website you're asking about, but I would recommend 2-factor in as many places as you can. It really will help keep those accounts secure and prevent account takeover in nearly all circumstances.



  • Registered Users, Registered Users 2 Posts: 4,957 ✭✭✭kirk.


    Paypal

    They have a text authentication system , u get texts logging in which I have

    There's also 2 factor using an authenticator app



  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP


    I much prefer the authenticator app, as they are more secure than text messages. I have dozens of accounts set up on my authenticator app.

    I thought PayPal could be set to use the app rather than by text, but I have used my account in a few years. I'll check it later.



  • Registered Users, Registered Users 2 Posts: 4,957 ✭✭✭kirk.




  • Registered Users, Registered Users 2 Posts: 20,823 ✭✭✭✭Donald Trump


    Other possibility is a Tyler Durden scenario OP



  • Registered Users, Registered Users 2 Posts: 4,957 ✭✭✭kirk.


    What's the best authenticator google has a 3.4 rating



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,114 ✭✭✭ItHurtsWhenIP



    I have about 15 email accounts, at least a dozen Social medias, 5 admin accounts for website CMSes and a few cPanels, the usual shopping sites (Amazon and ebay) and payment providers (PayPal and Stripe), most of the streaming sites, another ten miscellaneous online sites that I've set up accounts on, a couple of CRMs, VPN, password manager, a couple of NASes ... so quite a few.

    I use Google Authenticator (GA), but it had a problem for a long time that if your phone was lost, stolen our damaged then you were goosed. I have two phones, so if I am adding a new account, I scan the QR code on both simultaneously. GA then got the ability to export the codes, so that made setting up a new phone very simple, but there is always the danger that I could lose both phones, so I carefully and securely store any backup codes for my various accounts.

    Google did introduce the ability to backup the codes to your Google Account ... but it wasn't going to be encrypted (which is madness really). So I'm not using that until they do.

    I also have Microsoft Authenticator for some MS365 accounts. It's probably better than GA, in that the codes are backed up to a Microsoft Account (securely I believe), but I had most things set up on GA, before the Microsoft one showed up.



  • Registered Users, Registered Users 2 Posts: 56 ✭✭Educate


    Can I be Pitt at least? Not the narrator? 😁



  • Registered Users, Registered Users 2 Posts: 858 ✭✭✭Homesick Alien


    I've been having the exact same problem the last couple of months. Every 2 weeks or so I get a call from someone I don't know claiming they have a missed call from me. I also put my number into that website and it came back as not pwned. Very weird as I'm not sure what clause my number is as opposed to some burner phone number.



  • Registered Users, Registered Users 2 Posts: 10,896 ✭✭✭✭28064212


    The Have I Been Pwned website covers known data breaches. There's at least two other ways your number could have ended up on a scammer's list:

    • Unknown data breaches - your number has been involved in a data breach, it's just not a widely known one (at least not yet)
    • Randomisation - some scammers will literally just generate a random number between 1111111 and 9999999, prefix it with one of 083/085/etc. and use that, and you just got unlucky

    There's nothing you can really do about it

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



Advertisement