Beware: A Deviously Good Verizon Scam

This afternoon while I was going about my normal day I received what may be the most devious scam attempt I have ever experienced. Take my experience and remember to be vigilant at all times, scammers are pulling out all of their best tricks to gain access to your accounts.

2:58pm

I received a call from an unknown number [800-922-0204] but answered the phone anyway to see if it was possibly a call I actually needed to answer. I said Hello, and there was a short pause of dead air. This should have clued me in a little bit because a lot of these scam calls have a big delay before the scammer talks. I’ll do my best to lay out the transcript of the call from my recollection. This isn’t verbatim.

The incoming call at 2:58pm that appears to be from the actual Verizon support number.

[Scammer]: Hello Sir, I’m calling from Verizon Wireless to alert you to an order on your account that we believe wasn’t made by you. We’ve put a security restriction on your account but want to make you aware. There was an order for an iPhone X made to New York, while we have your billing address as [MY ACTUAL ADDRESS] which doesn’t match the order. We wanted to make sure you were aware of this order in case someone has taken control of your account.

[Me]: No, I certainly did not make any orders for a new phone on my account.

[Scammer]: Thank you, we’ll put a stop to the order and will set a security lock (I forget the word he used) on your account. First I need to verify who I’m speaking with so I will send you a pin code via text message and I need you to read that back to me.

[Me]: Okay

[Scammer]: Okay I have sent the pin code, please read it back to me.

Temporary password redacted, but you’ll notice this is actually from Verizon so the number matches the number the scammer spoofed to call me.

[Me]: No, I don’t feel comfortable with this. I’m not going to read the pin back to you.

[Scammer]: Okay sir, I do encourage you to act on this as soon as possible to secure your account and thank you for being a Verizon customer.

Hang up.

There are a few things that validated the whole thing for me. To start, the number they called from, which was being spoofed, is the actual Verizon support number. You can see in the text message (that actually came from Verizon) the number matches up. The second part is just that this is a common tactic, break into accounts and order phones/SIM cards and ship them elsewhere. Lastly, the scammer knew my actual billing address and gave it to me as evidence.

However, the more I looked at the text message the more skeptical I became. Why would Verizon need to send me a password reset code and have me read it back to them? The scammer was using the password reset tool on Verizon and once I gave him that code he could change my password to anything he wanted.

3:00pm

Now to make sure my account was secure I went to log in, and my password obviously wasn’t working because I had a new temporary password from Verizon. I logged in with the temporary password and changed my password myself on Verizon’s website. After that was done I checked my recent orders online to find nothing there.

3:02pm

I called the actual Verizon support [800-922-0204] to talk to a representative and first check if there were any orders on my account. She confirmed that my account was secure and there had been no orders made. I also informed her about the scam attempt and she said that they are aware and doing everything they can to combat them. What can they actually do to stop this; I surely don’t know.

Stay Vigilant At All Times

It’s always a wake-up call when a scam gets this close to you, they’re using all the tricks possible. This scammer even stayed ‘in character’ all the way to the end after I had denied him access. The best process to follow, and I need to remember it myself, is to hang up and call back on the actual support number. Use the companies website to go to their support center and get the official phone number, email, or chat. Even with the best computer security you can have, if you open the ‘front door’ for scammers and let them into your accounts, your computers, etc. you’re doomed. Often times you’re the first line of defense so stay sharp out there!

If you’re a PC Matic customer and haven’t taken it or it has been a while since you did I highly recommend the included KnowBe4 security awareness training that comes with our product. KnowBe4 are experts at user training and this course is specifically designed to help consumers notice scam attempts before it’s too late. PC Matic customers can contact customer support to get the access details for the course.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles