Is it dangerous to call spam phone numbers, even if you know they're spammers?
Can you get "hacked" by calling a number?
I am curious if calling the number would do something to my phone. How could a hacker possibly access sensitive information just by tricking someone into calling.
It could be a hack, or it could be a prelude to a hack. Here are some rough examples:
- If you call them, the spammer can find out if that phone number is owned by an actual person. The spammer can also easily fake the same area code as you, and set up a clever social engineering trick that may involve you thinking with the wrong head.
If you're dumb enough to call them, you may be gullible enough to fork over additional information. If you're dumb enough, they may call you from other numbers, or forward you to another number.
There may also be an exploit in your phone's processing of various messages/content types. While they could easily target all phones at once by using some form of auto-messaging feature, this may be easily stopped by carriers.
Learning more about you allows an attacker to guess secret answers, passwords, etc. If you're the gullible type, chances are you don't have a good password policy, or you could be tricked into visiting a malicious website, or both.
But why not just send infected videos or pictures to everyone?
Let's assume the spammer has developed, or found, a program that helps with automatically dialing phone numbers.
If they're sending an infected video or picture to multiple recipients, they may quickly run out of data. It's far cheaper and easier to target people individually, especially those gullible enough to call the number.
In fact, if they target everyone, then that also increases the chance of their scam becoming well-known. By limiting their attacks only to the gullible, they've found a very good way to limit detection and knowledge of their particular scam.
The reason why they'd want to limit knowledge is that many folks may be searching for a particular scam, not exactly their specific scam. This is a problem with many gullible people: they can't really think outside the box, and not realize it's the same type of scam, but with different features.
Your information helps scammers engage in Social Engineering tactics
Have you ever tried to contact customer service for anything important, such as banks, online game accounts, websites, etc? Usually, they need specific information from you, or someone pretending to be you, in order to handle your request.
In fact, just recently, I was able to social-engineer a customer service representative for an account of mine by providing details on things I knew about me, without actually providing any real concrete details, or even providing my identity. All I needed was a few bits of information about myself.
Social Engineering is a tactic used everywhere, and often results in astounding success because people in general are ill-equipped to handle it. If a spammer has your phone number, then it may be possible for them to get other information. Maybe your phone number is tied to different accounts.
Maybe they have a partial database of credentials stolen from various websites, which could include more information on you. Maybe that database includes information on your email address, which will allow the scammer to continue their campaign of phishing without you realizing it.
Can calling spam numbers cost me money?
I have heard (no idea where), that some numbers when called, will charge you an enormous bill. Could this be true?
Yes, this is possible.
If you're calling a premium-rate telephone number, then that could cost you a lot of money when you call them. If you text a number associated with a "donation", whether it's legitimate or a scam, your phone bill will likely include additional charges.
All numbers of the form 1-XXX-XXX-XXXX are American, in the sense of the Americas, but they won't all be domestic calls. Until you check the area code, all you know is that they're part of the North American Numbering Plan, which covers 20 different countries. So right off the bat, you might be making an international call, which could be expensive for you.
Like Mark said, you also need to check if it's a premium number. You might know how to identify a premium number from your country, but you probably don't know how to identify a premium number from another NANP country.
Among other articles available online, the US FTC has an interesting article on "the growing 'one-ring' cell phone scam:"
Here’s how it works: Scammers are using auto-dialers to call cell phone numbers across the country. Scammers let the phone ring once — just enough for a missed call message to pop up.
The scammers hope you’ll call back, either because you believe a legitimate call was cut off, or you will be curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” All the while, you’re getting slammed with some hefty charges — a per-minute charge on top of an international rate. The calls are from phone numbers with three-digit area codes that look like they’re from inside the U.S., but actually are associated with international phone numbers — often in the Caribbean. The area codes include: 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.
If you get a call like this, don’t pick it up and don’t call the number back. There’s no danger in getting the call: the danger is in calling back and racking up a whopping bill.
Although in practice the danger is probably not that large, in short, the answer to your question is potentially yes; and more likely yes if you know they're spammers than if you don't know who they are.
You could also be giving away other personal information in terms of location/call trace information, voiceprint, environmental sound data (which could also carry location or other information about you), or the signal that you're a valid human with current psychological attributes that lead you to call back an unknown missed number (which may correlate with the psychological attributes that make you receptive to future scams that operate over the phone). As a final note, it could increase your exposure to getting caught up in a government surveillance dragnet as a result of you placing a direct call to a number that may be (or if not, perhaps should be) under investigation.