A day in the life of a prolific voice phishing crew

Original Article ↗ Hacker News Discussion ↗

Call Handling Habits & Tradeoffs

  • Many participants ignore unknown numbers entirely, or use iOS “Silence Unknown Callers” and call-blocking apps.
  • Others answer but stay silent or put the phone on mute to waste scammers’ time. Some “play” with scammers for amusement.
  • Several warn that answering may mark a number as “active” and increase spam; others say they already get so much spam it doesn’t matter.
  • Parents and people expecting real callbacks (contractors, doctors, schools) are reluctant to block unknown numbers, citing risk of missing important calls.
  • Voicemail is a common filter, though some note it’s still more work than just answering a legitimate call directly.

Examples of Scams & Social Engineering

  • Apple- and Google-branded phishing attempts, fake medical debt collections, USPS/Royal Mail delivery-fix scams, and Mandarin/Chinese embassy “immigration” threats are frequently reported.
  • A landline scam is described where the attacker never releases the line, then impersonates the victim’s bank when they “call back.”
  • Commenters highlight the complexity of US medical billing as fertile ground for debt-collection scams.
  • Voice cloning and “voice verification” banking are seen as creating new risk: once your voice is captured, it can be reused.

Telecom Infrastructure & Caller ID Spoofing

  • Many see caller-ID spoofing as a root problem; non-technical people often trust caller ID implicitly.
  • Email-style authentication analogies (DMARC/DKIM/SPF) are raised; STIR/SHAKEN and FCC efforts are mentioned, with mixed views on effectiveness and deployment speed.
  • Some note specific countries where spoofing is rare or now regulated, showing that stricter rules and telco enforcement can help.
  • Skepticism persists that carriers genuinely prioritize spam reduction over revenue.

Targets, Crypto vs. Traditional Banking

  • Several note that voice phishers prioritize crypto holders because transfers are fast and irreversible; others point out that traditional banking fraud still dwarfs crypto losses.
  • One takeaway: assume any inbound communication about money is suspect; independently contact institutions using verified channels.

Defensive Practices & Education

  • Core advice: hang up on unsolicited “Apple/Google/bank” calls and initiate contact via official numbers.
  • Some banks now provide in-app indicators confirming whether an ongoing call is genuine.
  • Commenters argue for more public service announcements, especially for older, TV-watching audiences, using real scam scripts to build intuition.