46

I sometimes like to check spam just to see what the messages look like, and I found someone who actually put an American phone number (1-XXX-XXX-XXXX). Most of these spammers are either trying to get money out of you, or hack you in ways like disguising as services like Google+.

Not that I actually want to, but I am curious if calling the number would do something to my phone. How could a hacker possibly access sensitive information just by tricking someone into calling? I have heard (no idea where) that some numbers, when called, will charge you an enormous bill. Could this be true?

Mark Buffalo
John K
  • 7
    " I have heard (no idea where), that some numbers when called, will charge you an enormous bill". In Italy *all* numbers starting with `899` are of this kind... so be warned if you ever come to visit Italy to *not* call any such number if you find an advertising of something you are interested in. – Bakuriu Feb 07 '16 at 21:48
  • @Bakuriu That's a nice little fact. You could add that as an answer or edit it into the accepted answer – John K Feb 07 '16 at 22:00
  • 41
    A side-effect if the phone number is in your country is being added to a "sucker list" that gets resold among the boiler rooms, something quite common for elderly who respond to various con schemes. Respond to one call, get hit with a permanent barrage to the point that your phone number needs to be changed. – Fiasco Labs Feb 07 '16 at 22:20
  • 4
    We should never give information to spammers; if you call them, they will have your phone number. I would suggest you find a pay phone and call from there if you are curious. – the_lotus Feb 08 '16 at 13:14
  • 3
    Returning their call is confirming your phone number. If you have the ability to block that number or add it to your auto-reject list, you should do that. Edit: If you're unsure, Google the number first. There are some good forums out there regarding these numbers that call you. – NotJay Feb 08 '16 at 17:41
  • 2
    I'm not sure if it makes sense to consider any number really domestic versus overseas anymore (aside from billing purposes). Long gone are the days when the area code and/or exchange give you any idea at all of where on the Earth the person or computer on the other end of the call is physically located. – Todd Wilcox Feb 08 '16 at 17:45
  • I use an app (Android) called TrueCaller... here's the app description: `Truecaller lets you search beyond your phonebook, identify unknown incoming calls, block calls you don’t want to receive, and make relevant contact suggestions based on time and place – so you never have to leave the service to find the right contact.` https://play.google.com/store/apps/details?id=com.truecaller&hl=en It might be worth a shot for you to try it as well, this has been very bothersome for me as well. – NotJay Feb 08 '16 at 17:50
  • 2
    Funny story: I work as a professional pentester, and "Windows Support" decided to call my business phone to tell me I have viruses and they need to VNC in to fix it. Has a reverse shell in 5 min. Remember, the FCC has a $50,000 bounty for anyone who can turn them in so keep it ethical, legal and go after them! – Henry F Feb 09 '16 at 00:08

6 Answers

67

Can you get "hacked" by calling a number?

> I am curious if calling the number would do something to my phone. How could a hacker possibly access sensitive information just by tricking someone into calling.

It could be a hack, or it could be a prelude to a hack. Here are some rough examples:

  1. If you call them, the spammer can find out if that phone number is owned by an actual person. The spammer can also easily fake the same area code as you, and set up a clever social engineering trick that may involve you thinking with the wrong head.
  2. If you're dumb enough to call them, you may be gullible enough to fork over additional information. If you're dumb enough, they may call you from other numbers, or forward you to another number.

  3. There may also be an exploit in your phone's processing of various messages/content types. While they could easily target all phones at once by using some form of auto-messaging feature, this may be easily stopped by carriers.

Learning more about you allows an attacker to guess secret answers, passwords, etc. If you're the gullible type, chances are you don't have a good password policy, or you could be tricked into visiting a malicious website, or both.


But why not just send infected videos or pictures to everyone?

Let's assume the spammer has developed, or found, a program that helps with automatically dialing phone numbers.

If they're sending an infected video or picture to multiple recipients, they may quickly run out of data. It's far cheaper and easier to target people individually, especially those gullible enough to call the number.

In fact, if they target everyone, then that also increases the chance of their scam becoming well-known. By limiting their attacks only to the gullible, they've found a very good way to limit detection and knowledge of their particular scam.

The reason why they'd want to limit knowledge is that many folks may be searching for a particular scam, not exactly their specific scam. This is a problem with many gullible people: they can't really think outside the box, and don't realize it's the same type of scam, but with different features.


Your information helps scammers engage in Social Engineering tactics

Have you ever tried to contact customer service for anything important, such as banks, online game accounts, websites, etc? Usually, they need specific information from you, or someone pretending to be you, in order to handle your request.

In fact, just recently, I was able to social-engineer a customer service representative for an account of mine by providing details on things I knew about me, without actually providing any real concrete details, or even providing my identity. All I needed was a few bits of information about myself.

Social Engineering is a tactic used everywhere, and often results in astounding success because people in general are ill-equipped to handle it. If a spammer has your phone number, then it may be possible for them to get other information. Maybe your phone number is tied to different accounts.

Maybe they have a partial database of credentials stolen from various websites, which could include more information on you. Maybe that database includes information on your email address, which will allow the scammer to continue their campaign of phishing without you realizing it.


Can calling spam numbers cost me money?

> I have heard (no idea where), that some numbers when called, will charge you an enormous bill. Could this be true?

Yes, this is possible.

If you're calling a premium-rate telephone number, then that could cost you a lot of money when you call them. If you text a number associated with a "donation", whether it's legitimate or a scam, your phone bill will likely include additional charges.

Mark Buffalo
  • 4
    What if the call is done with the number hidden? – Jim Feb 08 '16 at 15:57
  • @Jim What if the spammer somehow convinces you to give them your number? What if there's an exploit we don't know about regarding the way calls are handled? – Mark Buffalo Feb 08 '16 at 16:00
  • What you say makes total sense. I was wondering if when we hide the number this info is still somehow available or there is something I was not aware – Jim Feb 08 '16 at 16:06
  • 2
    "...they may quickly run out of data." Scammers running that sort of operation are not likely to be on a limited-data plan, but more likely sending from a server somewhere. – WBT Feb 08 '16 at 17:34
  • 2
    @WBT I partially agree with you, that's why I added "may." However, many scammers are using burner phones from Walmart/etc. They aren't necessarily outside of the country. – Mark Buffalo Feb 08 '16 at 17:38
  • Yes, "may" is a necessary hedge. The efficiency gains of scamming/spamming from a server can also be gained from people inside the US (or any other given country). – WBT Feb 08 '16 at 18:21
  • 5
    Lol at social engineering involving wrong head.... thanks for that, I now have to wipe coffee from my screen again! – Namphibian Feb 08 '16 at 21:02
  • 6
    Working for a telecoms company who specialise in automated diallers, I can tell you it's very easy to spoof caller ID and redirect inbound calls to premium rate numbers that play an automated message that sounds like the phone is still ringing. You can think you're waiting for a local call to connect, but in reality you're being charged for listening to a recording. While it is interesting to see what scammers are up to, you're best leaving this one well alone. Edit: it's not _that_ easy to spoof CID, it's still possible. – leylandski Feb 09 '16 at 09:56
25

All numbers of the form 1-XXX-XXX-XXXX are American, in the sense of the Americas, but they won't all be domestic calls. Until you check the area code, all you know is that they're part of the North American Numbering Plan, which covers 20 different countries. So right off the bat, you might be making an international call, which could be expensive for you.

Like Mark said, you also need to check if it's a premium number. You might know how to identify a premium number from your country, but you probably don't know how to identify a premium number from another NANP country.

Dan Getz
17

Among other articles available online, the US FTC has an interesting article on "the growing 'one-ring' cell phone scam:"

> Here’s how it works: Scammers are using auto-dialers to call cell phone numbers across the country. Scammers let the phone ring once — just enough for a missed call message to pop up.
>
> The scammers hope you’ll call back, either because you believe a legitimate call was cut off, or you will be curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” All the while, you’re getting slammed with some hefty charges — a per-minute charge on top of an international rate. The calls are from phone numbers with three-digit area codes that look like they’re from inside the U.S., but actually are associated with international phone numbers — often in the Caribbean. The area codes include: 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.
>
> If you get a call like this, don’t pick it up and don’t call the number back. There’s no danger in getting the call: the danger is in calling back and racking up a whopping bill.

Although in practice the danger is probably not that large, in short, the answer to your question is potentially yes; and more likely yes if you know they're spammers than if you don't know who they are.

You could also be giving away other personal information in terms of location/call trace information, voiceprint, environmental sound data (which could also carry location or other information about you), or the signal that you're a valid human with current psychological attributes that lead you to call back an unknown missed number (which may correlate with the psychological attributes that make you receptive to future scams that operate over the phone). As a final note, it could increase your exposure to getting caught up in a government surveillance dragnet as a result of you placing a direct call to a number that may be (or if not, perhaps should be) under investigation.

WBT
  • The one-ring thing is very popular here in Turkey too, so I guess it is popular internationally. – ave Feb 09 '16 at 06:06
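An added example, not part of either answer above: a check a missed-call log can be run through before anyone calls back, combining the NANP point from the previous answer with the area codes the FTC article lists. The 900 premium code is standard NANP; the three-second "one ring" threshold, the function names and the sample log are assumptions made for this illustration.

```python
import re

# Area codes listed in the FTC article quoted above: NANP numbers that look
# domestic to a US caller but bill as international calls.
FTC_ONE_RING_AREA_CODES = {"268", "284", "473", "664", "649",
                           "767", "809", "829", "849", "876"}
PREMIUM_AREA_CODES = {"900"}   # NANP pay-per-call numbers
ONE_RING_MAX_SECONDS = 3       # assumption: what counts as "ringing once"

def nanp_area_code(raw):
    """Area code of a NANP number in any common notation, else None."""
    text = raw.strip()
    digits = re.sub(r"\D", "", text)
    if text.startswith("+") and not digits.startswith("1"):
        return None                       # explicit non-NANP country code
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10 or digits[0] in "01":
        return None                       # area codes never start with 0 or 1
    return digits[:3]

def callback_risk(number, ring_seconds=None, answered=False):
    """Classify what returning a call to `number` could cost."""
    code = nanp_area_code(number)
    if code is None:
        return "not-nanp: check the country code before dialing"
    if code in PREMIUM_AREA_CODES:
        return "premium-rate"
    if code in FTC_ONE_RING_AREA_CODES:
        one_ring = (not answered and ring_seconds is not None
                    and ring_seconds <= ONE_RING_MAX_SECONDS)
        return "international-nanp" + (" (one-ring pattern)" if one_ring else "")
    return "nanp: area code not on the FTC list, still verify it"

# Constructed missed-call log: (number, seconds it rang, answered?)
SAMPLE_LOG = [
    ("1-876-555-0142", 2, False),
    ("(473) 555-0188", 25, False),
    ("+1 212 555 0100", 2, False),
    ("1-900-555-0199", 10, False),
    ("+387644006776", 1, False),   # number quoted in the last answer on this page
]

def review(log):
    """Return (number, verdict) for every entry in the log."""
    return [(n, callback_risk(n, secs, ans)) for n, secs, ans in log]

if __name__ == "__main__":
    for number, verdict in review(SAMPLE_LOG):
        print(f"{number:18} {verdict}")
```

The FTC list is not exhaustive, so a number that falls through to the last verdict still needs its area code looked up.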
4

There is another option. They can list someone else's number in the spam, and the real attack is to that person they hate. I don't think this is common, as people calling a spam number should be already rare. But it is possible.

Alternatively they can sell your number and it might be used for other spams. But probably not very cost-effective.

user23013
  • In your example, they are DDOSing a victim. They could also give you the private line to the chief of police, local mafia captain, etc in the hope that you will bother him/her enough to find and punish you. – emory Feb 08 '16 at 18:45
  • About a year ago, I got a phone call from myself (my phone was ringing and the callers number was my own number). My initial worry about a ghost in the machine soon turned to euphoria when I realized that it could be from myself in the future and thereby time travel was possible...ok not really, what happened is that it just seemed weird and for that reason I just let it ring. They didn't leave a VM however, and calling back to my own number was just plain impossible, so maybe it was a form of spam where they expected me to answer. – x457812 Feb 08 '16 at 19:24
  • I was attacked once when someone claimed they had the crack of a new game, and listed my email address in a public forum. I assume making a spam email for this purpose looks like a spam is pretty ineffective compared to that. – user23013 Feb 08 '16 at 20:27
  • @x457812 I also recently had some calls where the caller ID showed my own name and the very number that was being called. I couldn't figure out what their game was, but their behavior itself indicated they were up to no good. – Monty Harder Feb 08 '16 at 20:44
  • 3
    @x457812 Your future self was calling to tell you to short LinkedIn Corp (NYSE: LNKD) and you just lost a cool million dollars. – Spehro Pefhany Feb 09 '16 at 03:01
  • @SpehroPefhany, darn. That must have been it. Next time he better uses some kind of code when calling me. Otherwise I'm gonna whack him. – x457812 Feb 09 '16 at 19:39
2

Kudos to @Mark Buffalo for his answer, that's spot on.

Just to extrapolate on that, working in the VoIP telephony industry, if you call back a number that you don't recognise, say for example that it is a spam caller, you are effectively confirming to the dialler/company/data provider that the line is a "live lead".

In the UK it's frowned upon and in a certain sense it's illegal. Forgive me in advance for any UK terms. Someone also mentioned (@Jim I believe), what if the call is made back to the originator with the number withheld/caller ID anonymised. In certain select circumstances, for example if the call is made via a SIP network, withholding your number may make little difference.

In a SIP sense, while your Caller ID will be set to anonymous (From: sip:anonymous), there is nothing stopping your telco from setting your real Calling Line Identifier in a P-Asserted Identity header or a Remote-Party Identity header, therefore the end party can decode this information and reveal your line identifier. Of course this is a very select scenario but not impossible, knowing how many companies are now utilising SIP/VoIP services instead of traditional PSTN/POTS/ISDN lines.

As much as I appreciate that you'd want to call them back and give them a piece of your mind, I would advise against it and just either ignore it or add it to your device's Blocked/DNC List. In the UK, you can register with the Telephone Preference Service to reduce unsolicited sales/marketing calls. In the US, I believe you have the National Do Not Call Registry. Once registered, I believe that it then becomes illegal/a felony to call the number without explicit consent.

There are a multitude of reasons not to call them back as they could extort information out of you, you could call back a number that is a premium rate number, to name a couple. Better safe than sorry.
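An added example, not part of the answer above: a check that can be run over a captured outbound INVITE (for instance at your own PBX or trunk edge) to see whether a withheld-number call still carries the calling line identity. The header names are written as they appear on the wire (`P-Asserted-Identity`, `Remote-Party-ID`); the message, hostnames and numbers are constructed, and the function names are assumptions of this illustration.

```python
import re

# Headers that can carry the real calling line identity alongside an anonymous From.
IDENTITY_HEADERS = ("p-asserted-identity", "remote-party-id")

# Constructed sample: an outbound INVITE with the number withheld in From.
SAMPLE_INVITE = (
    "INVITE sip:+15555550199@gw.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pbx.example.org;branch=z9hG4bK776asdhds\r\n"
    'From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=1928301774\r\n'
    "To: <sip:+15555550199@gw.example.net>\r\n"
    "Call-ID: a84b4c76e66710@pbx.example.org\r\n"
    "CSeq: 1 INVITE\r\n"
    "P-Asserted-Identity: <sip:+15555550123@carrier.example.org>\r\n"
    "Remote-Party-ID: <sip:+15555550123@carrier.example.org>;\r\n"
    " party=calling;privacy=full\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_headers(message):
    """Return (lowercased name, value) pairs, joining folded continuation lines."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def uri_user(value):
    """User part of the first sip:/sips: URI (or the tel: number) in a header value."""
    m = re.search(r"sips?:([^@;>\s]+)@|tel:([^;>\s]+)", value, re.I)
    return (m.group(1) or m.group(2)) if m else None

def caller_id_exposure(message):
    """Report whether an INVITE with an anonymous From still names the caller."""
    headers = parse_headers(message)
    from_user = uri_user(next((v for n, v in headers if n in ("from", "f")), ""))
    identities = [(n, uri_user(v)) for n, v in headers
                  if n in IDENTITY_HEADERS and uri_user(v)]
    privacy = {t.strip().lower() for n, v in headers if n == "privacy"
               for t in v.split(";")}
    return {
        "from_anonymous": (from_user or "").lower() == "anonymous",
        "identities": identities,
        # Privacy: id (RFC 3325) asks proxies to strip P-Asserted-Identity at the trust boundary.
        "privacy_id_requested": "id" in privacy,
    }

if __name__ == "__main__":
    print(caller_id_exposure(SAMPLE_INVITE))
```

A non-empty `identities` list next to `from_anonymous: True` is the situation the answer describes: the display side is withheld, but the far end can still read the line identifier.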

-1

I got missed calls on my Idea cell number many times from (+387644006776). I saw it several times and did not respond or pick up. One day I got the same ring from this unknown number while I was at a distance, having left the mobile on my office desk; when I picked up the cell, I couldn't answer the call. Out of curiosity I called this number back from my Idea Cellular mobile number for only 2 seconds, and was astonished to find that my balance had been drained: I was charged Rs.60=00 at once. So I have learned a lesson: not to pick up unknown spammers' calls, and not even to try dialing these types of spammer/hacker numbers. This is really a spam call, so be careful about responding to these types of numbers (+387644006776 !!! spammer number).

  • 1
    I think you were charged because you made an international call, not necessarily "spam". – Jedi Apr 08 '17 at 14:35
  • 1
    This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://security.stackexchange.com/questions/ask). You can also [add a bounty](https://security.stackexchange.com/help/privileges/set-bounties) to draw more attention to this question once you have enough [reputation](https://security.stackexchange.com/help/whats-reputation). - [From Review](/review/low-quality-posts/97627) – Trey Blalock Apr 08 '17 at 17:12
  • @TreyBlalock technically, it does answer the title question, because the danger is that you might make a long distance call or another type of charged call. Granted, this isn't a very helpful answer because one can check if they are going to get charged .... – schroeder Apr 08 '17 at 20:52