FBI Warning—Do Not Call These Numbers On Your Smartphone
You must never make these calls.
NurPhoto via Getty Images
A stark FBI warning has just come to life on social media, with an attack on Microsoft users going horribly wrong — at least from the hacker’s perspective. Sometimes it really is good to put a face to a name, and that’s the case with this viral story of the week.
“Legitimate companies will never call you and offer tech support out of the blue,” the bureau says. “If you get a call like this, hang up.” And even more critically, “never let someone claiming to be tech support have remote access to your device.”
If you do, then you risk your device being infected with malware, your security credentials and data being stolen, and ultimately you bank account being “drained.” But there’s now a twist on this warning. Attackers don’t call you — you call them.
It starts with a popup. A warning that there’s a fault with your device or your security or an account issue. The popup includes a number to call and a message urging you to make that call immediately before the problem gets worse. You are now under attack.
Just as companies like Microsoft, Google, Apple and Meta won’t call you, they won’t trigger a popup on your screen with a number to call. they won’t email, you with account warnings alongside sign-in links or helpdesk numbers. This is always an attack.
Meet Gaurav Trivedi, who runs exactly this scam “out of his apartment complex in Raebareli, India.” His attack starts with one of these popups “that locks your screen, blares a loud warning sound” and voices a warning that a restart will spread a virus. The popup “tells you to call ‘Microsoft’ immediately or risk losing all your data.”
Unfortunately for Mr Trivedi, one of his intended victims was NanoBaiter, who has now shared his table-turning story with 42 million X users. “When Gaurav tried it on me… I gave him access to my virtual machine and used it to hack into his system instead.”
The OpSec deployed by Mr Trivedi was non-existent, somewhat surprisingly given his chosen trade. NanoBaiter says that by reversing the remote viewing software pushed out to him, “I accessed his webcam and snapped a clear shot of his face. He pulled up the softphone dialer and boom, his real name appeared on the screen: Gaurav Trivedi. The wifi card on his laptop was active, letting me trace his exact location.”
This apparently enabled NanoBaiter to get “a front-row seat to his life, watching him eat, sleep, and then scam innocent people… all through his webcam.”
Microsoft has just issued a longform warning about such popup attacks, the most common form of which is ClickFix, which tricks you into running a script on your PC to install malware, rather than calling a number. The social engineering is the same.
Google has warned specifically about these tech support scams, whether or not you call them or they call you. If you see a popup on your screen, exit the popup or app if you can. If you can’t exit, then do not hesitate to force restart the device.
The FBI says variations on this theme include the following:
- Unsolicited phone calls or text messages claiming to be from tech support
- Internet pop-up windows telling you to call a tech support number
- Websites or online ads advertising a tech support number
- Financial institutions, utility companies, or cryptocurrency exchanges
All of these are scams, and it’s now made worse with AI. The latest ruse is to plant fake numbers online such that when an AI assistant is asked to find a phone number for technical or customer support, it retrieves a fraudulent one. Do not do that either.
If you’ve been hit by one of these attacks. The FBI says you should file a report, run an “up to date virus scan” on your device, contact your financial institutions immediately, and of change all passwords for any accounts that might be compromised.
It’s easier just to make a rule — never call any of these phone numbers.
Meanwhile the police in India have been notified.