The Facts behind the ‘Hello can you hear me’? scam
There has been widespread media attention about a phone scam doing the rounds in Australia where scammers have reportedly been trying to record customers saying the word ‘yes’ in order to use the voice recording to authenticate illegal purchases.
The scam was originally reported overseas back in 2016 and still currently receives the odd article in Australia.
So what is the “Hello can you hear me scam”?
The scam involves customers receiving a call where the caller says “Can you hear me?” often multiple times.
Of course, the natural reaction is for people to say ‘yes’ at which point the scammer hangs up as they have received their objective – a voice recording of the victim saying ‘yes’.
They then allegedly use that recording to authenticate illegal purchases.
Police have now issued a warning advising customers to hang up immediately if you receive a call with hello can you hear me?. And if you have received one of the calls and did answer with a yes you are advised to contact your bank immediately.
So is the ‘Hello can you hear me’ scam legit?
At first glance, the scam does seem to have some validity. Local police in Queensland have issued warnings and major news sites like www.news.com.au have covered it.
But dig a little deeper and some holes emerge…
Primarily, we havent yet been able to identify any scenario under which a scammer could authorise charges in another persons name simply by possessing a voice recording of that person saying yes, without also already possessing a good deal of personal and account information for that person, and without being able to reproduce any other form of verbal response from that person.
And even if such a scenario existed, it’s hard to imagine why scammers would need to use an actual audio recording of the victim repeating the word yes rather than simply providing the ‘yes’ response themselves.
Surely it would sound a bit weird having an entire conversation in one voice and when the call centre operator asks to confirm the order suddenly the voice changes to another one?
What would be the point?
So is it legit?
Not at all (so stop panicking!).
Fake news website Snopes first reported the scam earlier in the year and despite speaking to several ‘victims’ who claim to have received the call, not a single dollar is reported to have been lost to this scam.
What about using the voice recording to bypass Voice Biometrics?
With the increase in companies using Voice Biometric solutions which use a person’s voiceprint to identify themselves, I wanted to take it one step further and determine if it would be plausible for the fraudsters to use the ‘yes’ recording to actually bypass voice biometric systems.
For those unaware, Voice Biometrics uses a person’s voice to identify themselves and the technology is becoming widely used across the globe to improve security, efficiency and the customer experience with the Australian Tax Office successfully deploying Voice Biometrics across all its digital channels in early 2016.
So would the ‘Hello can you hear me scam’ trick the Voice Biometrics system? Speaking to Robert Schwarz, Managing Director, Enterprise, Nuance Communications, Aust & NZ (Nuance is the leader in Voice Biometrics solutions worldwide) the answer is a firm ‘no’.
“Most biometric validations occur using phrases and sophisticated algorithms so a simple “yes or no” response just wouldn’t be sufficient to gather enough information to be biometrically identified.
The recording of the word yes to play back when asked to confirm the order/transaction is really a step that the fraudsters dont need to take as it is just speech recognition of the command yes or no.”
If a company had voice biometrics installed in the contact centre, it would prevent this scam in 2 ways.
- The fraudster making the initial call and pretending to be someone else, would not even make it through to the call centre agent, (in the case of an IVR), or would be recognised by the call centre agent as not the person they are claiming to be as the Voice Biometrics system would have picked that up biometrically.
- If they did get through to place an order (with no biometrics deployed) and the system asked for a passphrase to confirm the order, the recorded yes would be picked up as a recording and not a real person, in which case a liveness test” could be deployed to block the fraudster.
How do I report a scam?
If you’ve been impacted by a scam the best thing to do is advise ScamWatch – set up by the Australian Competition and Consumer Commission. There is also some good information on their website about current scams that are currently doing the rounds.
If you have been threatened, assaulted or had your property stolen, contact your local police immediately.
If you think your bank account details have been compromised, alert your bank or financial institution immediately.
So no matter which way you look at it, as for this particular scam, there doesn’t appear to be any plausible way that this scam could be used to extract money from unsuspecting victims which is good news for us all.
- Learn more about the latest SCAM that has hit Australia hard: The infected computer phone scam
- Sick of getting Telemarketing calls? Learn how you can stop telemarketing calls in Australia
- Not all call centres are bad!!! Read the top 8 myths about working in a call centre