Another security problem has been spotted in voice assistant platforms. However, this one has nothing to do with the recent controversy over private conversations being listened to by contractors without users’ knowledge.
As reported by the Better Business Bureau (BBB), scammers have worked out how to game the search results for company customer support telephone numbers.
It’s a simple con where scammers create fake support numbers for well-known brands, paying for these to be bumped to near the top of search results.
A person sitting at home asks their voice assistant (or smart device embedding that technology) to find that company’s telephone number and instead of the correct one, a scammer’s phone number is returned to them to auto-dial.
The report cites real victims, including a woman who tried to phone a large airline to change her seat, only for the unnamed voice assistant to put her through to criminals impersonating that company.
The result? They tricked her into paying for $400 in gift cards after convincing her that the airline was running a promotion.
In a second example, Apple’s Siri put someone through to a tech support scam when the user believed he was phoning for help with his printer.
Achilles heel
Deceptive advertising has been a problem on conventional web searches for years – a polite way of saying that this issue was utterly predictable.
Arguably voice assistants inadvertently make this worse, because the user has no visual information to judge the reliability of what they’re being sent to (a dodgy domain, say) and no alternatives for comparison.
And there’s no easy way to counter these through the platforms themselves because assistants depend on search engines to deliver reliable results.
Search engines such as Google say they devote resources to rooting these fakes out as quickly as possible, but it’s not always that simple when scammers set up paid accounts to promote their cons.
Even when they are noticed by search engines, they can quickly be resurrected through new accounts pushing the same fakery.
What to do
The BBB’s sensible advice is mildly paradoxical – don’t rely on voice assistants for anything as risky as customer support numbers. Always manually check these on the web.