Why is the Telegram bot that lets you change Caller ID dangerous?
21.02.2021

A Telegram bot appeared at the beginning of 2020 but was discovered only recently. It is a paid service that lets you place a call while changing your phone number – a widespread fraud approach, frequently used for calls made from a “bank”, “security service”, etc. A person sends a command to the bot indicating that the call should be made showing a different phone number, then enters the recipient’s number and the number that should be displayed during the call (for example, the official bank number).
This type of fraud is already known. What is new is that no tricks are needed to change your phone number. That makes the fraud available to a wide range of scammers.
We would like to think that this service is developed or used by researchers, or even by banks, as bait to detect phone scammers.

There are a few things to consider after learning about the bot. Technically there’s nothing new, but functionally the emergence of this bot welcomes scammers and easily turns those who were still in two minds into scammers. Earlier they had to think and read the guidance for setting up a virtual automatic telephone exchange; now it’s done as quickly as a flick of a finger. Everything is intuitive. The attack becomes inexpensive, available and therefore popular.

The calling-from-a-different-number feature isn’t shocking; it has been present and actively used. But the voice change function…

Why would a legitimate call center staffer need this? The process of changing the pitch with the bot is reversible if the voice of the caller is recorded.

What is dangerous?

First of all, the growing number of scammers. The standard attack has two parts: call/scare/persuade + steal money. Part 1 is getting simpler thanks to the bot. Part 2 has been mastered already.

Second of all, the approach has been reworked. The calls used to come from “bank employees” and bank security departments; now scammers present themselves as police officers, having previously obtained real officers’ names and phone numbers. They call to notify an individual about a “detected attempt to withdraw money”. They ask for nothing to be done, just keeping up the story about law enforcement authorities. At the end of the conversation they say that the individual will soon be contacted by a bank employee whose instructions should be followed. And that’s where the real deal starts.

Some go and Google the name of the police officer who introduced himself and, of course, find him. It’s a trap! The distrust is soothed and the caller seems reliable.

Unfortunately, just a warning is not enough. The Telegram bot offers a few seconds of free demo – try it and call your friends to persuade them into never talking to a scammer again. Everyone should remember: when in doubt, hang up and call the police/bank/lottery man yourself.
