A new scam: The “Middle of the Night” call
A call from your burglar alarm company turns out to be something else entirely. What you can do to protect yourself from clever criminals.
By Brad Berens
One of the most popular things I’ve ever written is “Beware the Words with Friends Scammers” about how predators were targeting lonely older women who played this online equivalent of Scrabble.
Here’s another scam to watch out for: the “Middle of the Night” call.
We were having dinner with my parents when my Dad mentioned an odd call from their burglar alarm company that day. The phone rang at 2:00am, and when Dad picked it up the person on the other end, talking quickly, said that she was calling from the alarm company about a medical emergency.
No, we’re fine, Dad said.
The caller then asked for the address, which Dad provided. “No, that’s not the right address,” the caller said. “We’re calling about another address” (a mile or so away). Then, the caller asked for the alarm abort code, which Dad provided. The caller then apologized for the mistake and ended the call.
The number on Caller ID was the number of the alarm company.
Dad went back to sleep. Remember: this was at 2:00am, when most people are groggy rather than suspicious.
When I heard this story, something about it had a wrong shape: as a practitioner and researcher I’ve done a lot of work on phishing schemes and other scams; plus, I personally get dozens of scam texts a week with increasingly creative angles of approach. I’d never heard of a burglar alarm company calling about a medical emergency, and it sounded like Dad had given more information than he’d received.
My Spidey Sense tingled. “I don’t think that call was really from your alarm company,” I said.
Dad called the alarm company’s main line. They had no record of the 2:00am call. Dad changed the abort code, which is the most important thing to do.
What I think happened
“Scammer” sounds relatively harmless, but the stakes for this sort of scam can involve home invasion, burglary or robbery, and violence, so let’s call these folks what they are: Bad Guys.
First, the Bad Guys go driving around a target neighborhood looking for the signs on the lawn that say “Protected By” with a burglar alarm company logo. They collect those addresses.
Next, they figure out the phone numbers that connect with the collected addresses. Even if you have an unlisted number, it’s trivially easy for Bad Guys to figure out your number with a little concerted Googling. A little more Googling reveals the alarm company’s main phone number.
Next, the Bad Guys spoof the number on their phone so that Caller ID displays the alarm company’s main phone number. Spoofing isn’t always villainous, but it’s a common practice for telemarketers and scammers. (Search “Why is my caller ID showing a different number?” to get more information, or look at this AT&T tutorial.)
If you accidentally fall for a scam, don’t panic and don’t be ashamed: this happens to people all the time. Call your alarm company (or bank or whatever), and tell them what happened. If they agree that you have been scammed, they’ll help you change your security arrangements. If you have a nagging suspicion that there’s something off about a phone call or email where you responded, then the best thing you can do is talk with somebody about it. Share that suspicion with your partner or a friend. If they say, “hmmm… that does sound weird,” then take action.
Then, the Bad Guys wait until the middle of the night and call when people are asleep and groggy. The caller has a conversation much like the one the Bad Guy had with my Dad, exploiting both the hour and the natural desire to help that most people have.
At the end of that call, the Bad Guys have confirmed the address and phone number, and they have also elicited the abort code that they can then use to stop security guards or the police from coming if they break into the house.
This is a sophisticated scheme that uses modern technology and shrewd psychology to set up a burglary or robbery.
What can you do to prevent this from happening to you?
The easiest to describe is also the hardest thing to manage: don’t automatically give out information when people ask you. This is true of phone calls and also of emails, texts, and even brochures.
Always go through the front door.
If you get an email from your bank asking you to verify your password because, say, there’s an unexpected charge, don’t click on the link in the email. Instead, either open the bank app on your smart phone or go to the bank’s website and look for messages or notifications. If you don’t see any, then it was a scam.
If you prefer to call by phone, then don’t call the number in the email: instead, take out your ATM card and call the number on the back. The Bad Guys provided the number in the email, text, or brochure… so if you call that number you’re doing what they want.
With a phone call like the one Dad received in the middle of the night, once the caller starts asking for information rather than providing information, politely say to the caller that you’ll call back on the main line. If the caller gives you trouble about this, that’s a sign that the caller is a Bad Guy. Then call the main line, tell the operator about the call you just received, and ask if the company really received a notice about a medical emergency (or whatever pretext the Bad Guy used).
If you accidentally fall for a scam like this, then don’t panic and don’t be ashamed: this happens to people all the time. Go through the front door, call your alarm company (or bank or whatever), and tell them what happened. If they agree that you have been scammed, they’ll help you change your security arrangements for your protection.
If you have a nagging suspicion that there’s something off about a phone call or email where you responded, then the best thing you can do is talk with somebody about it. Share that suspicion with your partner or a friend. If they say, “hmmm… that does sound weird,” then take action.
The digital revolution has made it easier for people to communicate with each other, share information, run old businesses more efficiently, and build new ones more cheaply.
Unfortunately, it has also helped Bad Guys build their businesses in the same ways.
Brad Berens is the Center’s strategic advisor and a senior research fellow. He is principal at Big Digital Idea Consulting. You can learn more about Brad at www.bradberens.com, follow him on LinkedIn, and subscribe to his weekly newsletter (only some of his columns are syndicated here).
See all columns from the Center.
November 23, 2022