Yesterday, I received a phone call from this number: (570) – 524 – 2662. If you do a quick Google Search you will find that it’s for a legitimate source, the State Police Department in Lewisburg or Milton, PA.
The caller claimed to be an officer of the department and requested to speak to me. So I obliged and asked him what it was about. He claimed that they had receive several complaints about me and was calling to sort it out. After asking him what the complaints were about, he was hesitant and said that he will forward me to the investigating officer to talk about the complaints.
I immediately stopped him and told him to give me the direct line to the investigating officer so that I can call him directly. The caller refused and told me to use the number that showed up on my caller id. I tried to get the identity of the caller but failed because he just told me to call the number back and he will be there to answer the call. I hung up and did the quick Google Search of the phone number.
There were several things wrong with this call:
- Why would the State Police from the middle of PA call someone in Philadelphia?
- The caller had an Indian/Middle Eastern accent
- The caller did not want to provide me a number or his name.
I decided to call the number back, since it was a legitimate number, and got a hold of a “different” officer. The officer assured me that he was the only there and nobody there was trying to get a hold of me. I told him about the phone call that I just received and he was as surprised as I was.
Moral of the story is that anything can be spoofed and made to seem like it’s coming from a legitimate source. Be careful who you divulge information to and should always ask for a callback number if you’re not the one who initiated the contact.
Anthony Clayton Fecondo says
Loi,
This reminds me of how telemarketers spoof their phone number to have an area code similar to the area code of the people they’re calling. It used to be that you see a number from halfway across the country and you ignore it because you could assume it was a telemarketer. Now they spoof their numbers to try to trick you into thinking it might be someone you know.
Good job on spotting that the call was fishy. Many of the things you mentioned as being red flags are reminiscent of the slide from Wade’s class last semester for detecting social engineering attacks. This was a cool example of applying the knowledge from this course to everyday life.
Jason A Lindsley says
Hi Loi,
That sounds like an interesting call. I wonder what his actual motive was. Why do you think he asked you to call back a legitimate number? I would understand if he was asking you to call back a number that was routed to a malicious actor, but doesn’t make sense that he directed you to call back the real police!
I get calls from unknown numbers all the time. I stopped answering them because it’s always a telemarketer or scam. They never leave voicemail!
Loi Van Tran says
Well there are several reasons that I can think of that lead the caller to tell me to use the number that was on my caller id. First is, providing a number that is “malicious” would allow it to be traced back to them. Like I did, I googled the number before calling back. I assume they didn’t have the ability to reroute calls directed to that number and transfer it to a malicious one. Had they provide me a number that was in a different county, city, or state, I could give it to the police to trace it down. Second, “No harm, no foul”, social engineering attackers knows that not all of their attempts will be successful. In this case, me calling the State Police really didn’t put a target on the attackers back. The police really didn’t do anything aside from affirming that they did not initiate contact with me.
Brent Easley says
wow….classic case of an attempt at social engineering. Good thing you were aware of what was going on. I am sure there are plenty of people who would have fell victim to this scam.