Google Voice Scams: What They Are and How to Stay Safe
Table of Contents
- By Steven
- Published: Nov 11, 2024
- Last Updated: Nov 11, 2024
Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code. By stealing other people's Google Voice accounts, hackers and scammers impersonate their victims by luring others into fraudulent transactions.
Scammers make millions per year using other people's Google Voice accounts. How should users protect their identification and PIN codes for bank accounts, travel sites, and Google Voice accounts?
Are you concerned that your identity has become compromised?
Check out IDStrong.com's various scanning and identity monitoring services to help give you peace of mind!
What Are Google Voice Verification Code Scams?
Scammers scam and their plan is simple. They explicitly target Google Voice accounts and create several attack vectors, including Smishing, to steal their victims' verification codes.
Smishing or SMS hacking is an attack vector hackers use to lure victims into clicking on malicious links sent through texting. This phishing attack is highly effective against people who send and receive text messages for their business or on a personal level.
How Do Google Voice Verification Code Scams Work?
Scammers use several attack vectors, including social engineering, rogue voicemails, and profound fake messages, to lure victims into disclosing their Google PIN code.
Initial Contact by Scammer
Social engineering also plays a role in scammers' attempts to steal Google Voice pin codes. Hackers and scammers troll their victims' social media accounts, looking for connections and links to small businesses listing their phone numbers.
Scammers actively use an automated dialer to search for phone numbers and voicemail boxes with the greeting, "The Google Voice subscriber cannot be reached at this time, or their mailbox is full."
This message tips off the scammer and hacker, confirming the phone number their auto-dialer connected to is a Google Voice account.
The next step the scammer will execute is to send malicious links via SMS to the newly discovered Google voice numbers.
Once the victims click these links, they become redirected to a hacker's website. This site impersonates legitimate web content and encourages users to change their Google Voice password and PIN code.
The Deception
Scammers will send text filled with malicious content and links encouraging their victims with messages including:
- "You won! Click here to claim your prize!"
- "You got the job! Click here to access your office letter!"
- "We are having trouble connecting with you. What is your Google Voice Verification pin code?
The Aftermath
Once hackers and scammers gain control of a victim's Google Voice account, they can exploit anyone connected to that number. These exploits include impersonating the victim. Hackers will use social outreaches, including requesting money from their victims' friends and seeking personal information from people within their social network.
Who are the Targets?
Anyone with a Google Voice account is a target of hackers and scammers. Hackers will focus on online retailers, real estate agents, and students. Students especially become targets because many use Google Voice instead of getting a more expensive account with AT&T, T-Mobile, or Verizon.
Business professionals, including brokers, mortgage lenders, and freelancers, also use Google Voice because it is cheaper and accessible to turn off when needed.
Online Sellers and Buyers
Another high target group hackers and scammers will focus their efforts on is the Amazon, eBay, and Temu sellers. Many sellers work part-time, offering various products across these e-commerce platforms. Amazon, for example, requires a cell phone number for each account. Google Voice is ideal for this business requirement.
Buyers, especially professionals, use Google Voice instead of their current phone number to handle all transactions.
Hackers and scammers who gain access to these Google Voice numbers now have the means to steal personal information, transaction data from these e-commerce sites, and credit card information. They will also gain significant access to buyers' and sellers' shipping information if they leverage drop-ship service from these e-commerce providers.
People Seeking Service
Leveraging a Google Voice phone number has also become common for people seeking employment or hiring plumbers or contractors. People have become very guarded when giving out their primary cell phone numbers. Using Google Voice provides a safety buffer for people by extending them a second number to others.
People can use this second number attached to their resumes for job boards, when hiring contractors for home repairs, or even when talking to someone they just met in public.
Hackers who gain access to this second number now possess the means to impersonate their victims and open up access to the jobs they applied for, the contractors they hired, the home address where the work will be performed, and other people with whom they may have exchanged numbers.
How To Identify Google Voice Verification Code Scams
Identifying a Google voice code scam starts with someone texting you, requesting your PIN as a confirmation. Hackers also usually use spoofing software with a number familiar to their target victim.
Red Flags to Watch Out For
The most important red flag people should look out for is a text requesting access to their Google Voice PIN code. This attack vector is prevalent, and hackers attempt to hijack someone else's Google Voice number. Hackers also use the voice mail function with Google Voice to send malicious messages to new victims.
Suppose users recognize their Google Voice mailbox is compromised or have recently noticed that someone has sent several unexpected voicemail messages from their account. These events are a red flag that this account has become compromised.
How To Stay Safe from Google Voice Verification Code Scams
There are several critical steps Google Voice users can take to avoid having their accounts become compromised. Realizing the vulnerabilities of Google's Voice solution, replying to suspecting text messages, or receiving calls from some claiming to be long lost should serve as critical warning signs.
Recommendations for Securing Your Google Account
As more Google Voice users discover how easily their accounts were hacked, they realize the importance of enabling multi factor authentication (MFA). MFA provides a second challenge for users to protect their credentials if the first one becomes compromised. The second challenge could include a PIN code, passcode, or one-time password.
What To Do If You’ve Become a Victim of Google Voice Scamming
If a Google Voice user believes their account has become compromised or they are being scammed, the initial step is changing their password and enabling MFA. The second step is to turn off the Google Voice phone number. In the third step, the Google Voice customer should close their account if needed.
How To Avoid Future Scams
Preventing any cybersecurity fraud attack starts with awareness. Google Voice users should become more aware of cybersecurity attacks against their credentials, which is the goal of each hacker and scammer. “Never give up the verification PIN code.” Once that code is compromised, the hacker and scammer can access the entire account.
To Whom Do You Report Google Voice Scams?
Suppose a person's or business's Google Voice account becomes breached or witnesses a hacker or scam attack. In that case, the individual or organization can report the event to the following law enforcement and consumer protection agencies:
- Federal Trade Commission
- Identity Theft Resource Center (ITRC)
- Federal Bureau of Investigation (FBI) - Building a Digital Defense Against
- Google Voice Authentication Scams
Preventing Google voice scam attacks starts with being alert to malicious links inside emails, text messages, or rogue voicemails demanding your verification code. Keep this code and your account information secret, do not divulge your credential login information, and most importantly, if someone calls your number and you suspect a hacker or scammer, hang up.
If your credentials have become compromised or you suspect someone is impersonating you, take a moment to check out IDStrong.com's various dark web scanning and identity monitoring capabilities.
IDStrong's ability to scan the dark web and validate whether another party has used your email, phone number, and Social Security number is critical to protecting your financial information.
For more information, click here to learn more.