Earlier this year, I wrote about a pernicious scam which involved a claim that the recipient had been filmed via their webcam while accessing a pornographic site. Most people would be able to pass that off as a fiction and ignore the message but some with a guilty conscience (and, to be fair, perhaps some afraid of a false accusation) might panic and pay the extorted fee.
Recently, there has been an even scarier version where the message verifies its claim by revealing that they have the last four digits of your phone number. Private information about you? The rest must be true… or is it?
I haven’t seen one of these messages myself but I heard about it on a recent edition of the Smashing Security podcast. They pointed out that various websites offer a recovery process for forgotten passwords that will offer to send a code to your phone. To check you still have the same number, they will often show the last four digits. That means anyone can try your address on one of these sites and, if you have an account there, they can get the last digits of your number – in other words, probably easier than suggesting they know the colour of your eyes.
Treat anything on Internet with a good degree of caution – and anything like this needs to meet a much higher degree of proof before you should even begin to consider it as being worth more than an immediate press of the delete button.