What are they and how do I avoid them?

In today’s digitally interconnected landscape, communication is facilitated by platforms like Google Voice, a widely used voice-over-IP service that provides users with a virtual phone number linked to their Google accounts. This service allows for features such as sending text messages, making calls, and recording voicemails, all while helping maintain user privacy by masking real phone numbers. However, the popularity of Google Voice has rendered it a prime target for scammers, who exploit its functionalities for fraudulent activities.

Google Voice scams, which accounted for 60% of all reported scams to the Identity Theft Resource Center in the US last year, often operate through a typical scheme. Scammers create a Google Voice account and approach potential victims online, masquerading as interested buyers or sellers on platforms such as Facebook Marketplace or Craigslist. Initially engaging innocuously, these fraudsters then request a verification code to allegedly confirm the victim’s identity, claiming it is necessary to ensure they are not dealing with a scammer or a bot.

The crux of this scam lies in the verification code, which is essentially a two-factor authentication (2FA) code. When the victim shares this code, the scammer gains control of the account linked to the victim’s phone number. Their success means they can then transfer the Google Voice number away from the victim’s account, enabling a wide range of fraudulent behaviors, including selling the account to other scammers, conducting voice phishing (vishing) attacks, or using the number to launch additional scams against the victim’s contacts.

The implications extend beyond mere account hijacking. Fraudsters may use the Google Voice account to impersonate the victim, making calls or sending messages to their friends and family in an attempt to extract funds or sensitive information. With the potential integration of technologies like generative AI and deepfake software, these scams can become even more advanced and difficult to detect, increasing the need for vigilance among users.

To protect oneself from such scams, individuals should remain wary of anyone requesting a Google authentication code. Legitimate texts and messages from Google will clearly state that they are intended solely for individual use and should never be shared. Offline communication techniques—like confirming identities through video calls or by using different verification methods—can help thwart potential scammers.

In the unfortunate event of falling victim to a Google Voice scam, users can take action by visiting a dedicated Google page to reclaim their Google Voice number, as long as it was removed within the past 45 days. It is also vital to report the incident to the Federal Trade Commission (FTC) and local law enforcement, particularly if personal information was compromised.

This pattern of fraud is cyclical; as scammers target users for account access, they perpetuate a broader scheme of deception that affects many others. Therefore, raising user awareness regarding these scams represents a crucial step in breaking this cycle, encouraging vigilance, and fostering a more secure digital environment.

In summary, the intersection of advanced technology and persisting social engineering tactics underscores the necessity for individuals to remain informed and cautious of scams, particularly those involving popular communication services. Understanding the workings of these schemes is vital for protecting personal information and reducing the risk of falling prey to digital fraud.