I recently came across a random comment in a Youtube video listing a phone number purportedly belonging to Gmail technical support. I have redacted the last 5 digits of the number so that nobody calls this number by accident: 1-855-23_-____
I was never going to call this number, but I was curious about it and wanted to investigate further. I know from personal experience how difficult it is to reach Google for any kind of technical support, so I was highly skeptical of the idea that they would have a dedicated support line for its e-mail users.
A quick Google search of the number turned up numerous interesting results. In the top 10 search results alone, I saw: Yahoo customer service number, Gmail technical support number, and Hotmail helpline number. Clearly, the number is fake; what legitimate “help line” would belong to 3 different companies? Visiting one of the Youtube results led to a video providing a long list of the problems that could purportedly be solved, including forgotten passwords and other related account problems.
This was possibly another case of vishing. Its better-known cousin, “phishing,” involves obtaining personal information (e.g. passwords, answers to secret questions, birth dates, credit card numbers) under false pretenses. For example, you might get a random email from a sender claiming to be your bank. You might be told that you need to “confirm” certain details about your bank account to prevent it from being closed in 30 days. Once you click the link, you are directed to a site owned by an attacker who promptly uses the information you have entered to take over your e-mail account, steal your money, etc.
Vishing is similar. In this case, the phone number was most likely set up to harvest the details of unsuspecting users who had Googled for a technical support phone number for their e-mail service. A con artist or a bot would pick up, pretending to represent the e-mail service’s technical support. Any user who calls the number and hands over their personal details would probably have their account compromised using methods such as the “I forgot my password” feature provided by most webmail services, which require answering questions involving personal details such as the ones that a user would have been asked to hand over.
The existence of such phone numbers shows that users should be wary of calling numbers provided by untrusted sources. Whenever you receive a call purporting to be from an organization which requires that you disclose personal information, consider telling them that you will call them back (using a number you know to be correct) rather than merely trusting that the person is who they say they are.