Always On Means
Mobile Customers Are Always At Risk

revealing sensitive information, changing account access requirements, or approving fraudulent financial transactions. Some examples of voice cloning scams have involved impersonating a bank representative or a loved one in need — creating a sense of urgency that pressures the victim into taking quick action.

Spoofed caller ID and smishing: Unfortunately, spoofing technology has become a criminal commodity. As a result, fraudsters can easily make it seem as if their calls are coming from legitimate phone numbers — including customer service lines of the consumer’s telecom provider. Combined with deceptive text messages called “smishing” (SMS phishing), they can quickly deliver a very convincing one-two punch that uses the spoofed phone number to build trust and override any initial suspicions. Victims often don’t realize they’ve been duped until well after their accounts have been compromised.

The “say yes” scam: This is a subtle but effective scheme where scammers open a call with a question designed to elicit a simple “yes” from the victim. Whether they start by asking “Can you hear me?” or verifying their name, they’re preying on the human impulse to respond. And while it may seem harmless, the scammers are waiting to record your voice saying that single word — because they can then use the recording to authorize fraudulent transactions or misrepresent your consent on voice-authenticated systems.

Malicious QR codes: QR codes have increasingly become targets for malicious schemes — and for good reason: 73% of consumers scan them. Leveraging that trust, scammers now create fake QR codes and place them on public infrastructure where one might expect to see them, such as parking meters or restaurant menus. When an unsuspecting consumer scans it to make a parking payment or access a menu, they instead access a fraudulent website or inadvertently install malware onto their device.  

Wrong number engagement scams: This kind of scam starts with a seemingly harmless wrong number text. By replying, however, the victim confirms to an attacker that a mobile number is active and tied to a person willing to engage. These scams then escalate when the attacker starts preying upon the victim’s instinct to be polite or helpful. Ultimately, the scammer’s goal is to steer the interaction into an opportunity for financial exploitation — whether gathering enough information to commit identity theft, asking for money, or presenting a fake investment ploy.

Realigning customer protection approaches

As central enablers of consumers’ mobile experiences, telecom companies play a key role in reducing risks that come with them. If customers cannot feel safe on their devices, their trust in their telecom providers can be quickly eroded.

Telecom providers should evaluate their customer protection efforts across three key areas to ensure they align with today’s mobile risk trends.

1. Consumer empowerment: Turning customers into the first line of defense

As threat actors increasingly target human behavior rather than network infrastructure, consumer education moves to the forefront as a powerful security layer. Telecom providers no longer have the option to wait until a cyber event occurs. Instead, they must engage customers proactively with practical and timely resources that help them recognize suspicious activity — thereby cultivating them as allies in the fight against scammers.

What does this engagement look like? It could be push notifications that alert customers to active scam campaigns; easy-to-consume educational articles regarding mobile threat awareness; and tools that enable customers to report and blocksuspicious calls as they happen. The goal is to transform consumers from passive recipients of fraud protection into active participants in their own security.