Who’s Making All Those Scam Calls?
Who’s Making All Those Scam Calls?
Why Are You Getting So Many Scam Calls?
Every day, thousands of people get calls “from the ATO, IRS, Amazon, Microsoft, or your bank.” Most are impersonation scams run by organised call-centre operations offshore. In Australia alone, phone calls were the highest-loss contact method in 2024 A$107.2 million reported lost across 2,179 victims who said they lost money; more than 23,700 reports involved impersonation of myGov/ATO/Services Australia. Scamwatch In the U.S., the FTC logged US$12.5B total fraud losses in 2024; phone calls were the second-most common contact method, and high-dollar losses are rising especially for older adults.
How these calls typically play out
- Bank security script: “Suspicious transfer detected read me the code to stop it.” (They’re stealing your 2FA.)
- Tax authority script: “ATO/IRS here pay now or face penalties.” (Real ATO/IRS won’t threaten arrest or demand instant payment by wire/crypto/gift cards.)
- Big-brand refund/support: “Amazon/Microsoft press 1 to verify a charge / call this number about a virus.” (Legit companies do not ask you to call numbers from pop-ups or surprise texts.)
What to do in the moment (simple script)
- Don’t verify anything on the live call.
- Say: “Thanks. I’ll call back using the number on my card/official site/app.”
- Hang up. Then call back on a trusted number or through the official app.
- Never share one-time codes, passwords, or remote-access links—no bank or agency will ask for them.
If you already shared info or paid
- Lock it down now: Reset passwords, revoke sessions, enable app-based 2FA.
- Call your bank/card to request a recall/dispute and add extra security notes.
- Report it:
- Australia: Scamwatch/NASC and ReportCyber; for ATO impersonation, ring 1800 008 540.
- United States: ReportFraud.ftc.gov and IC3.gov; follow IRS guidance if tax-related.
- Tech-support angle? See Microsoft’s official steps for avoiding/reporting these scams.
Where Do Scam Calls Come From?
Scammers exploit cheap VoIP, spoof Caller ID, and reuse playbooks that scale globally. Telcos and regulators are blocking billions of attempts and sharing bad numbers—but criminals constantly rotate infrastructure. (Example: Australian carriers report large-scale blocking and weekly intel-sharing with the National Anti-Scam Centre.)
While scam calls can come from anywhere, many originate from large, outsourced fraud operations in countries like:
- India
- Pakistan
- The Philippines
- Nigeria
- Indonesia
These scam hubs target people in Australia, the US, UK, and Canada using:
- Cheap labour
- VoIP tech to spoof numbers
- Scripts impersonating government or businesses
Many operations run like legitimate call centres with managers, KPIs, daily targets, and even onboarding for new scammers.
How Do They Get Your Number?
- Data leaks from websites and companies
- Purchased lead lists on the dark web
- Social media scraping
- Fake online competitions or surveys
In many cases, scammers don’t even know your full identity at first—they rely on fear or confusion to get more info out of you.
Inside the Scam Call Industry
Investigations by journalists and cybersecurity researchers have uncovered call centres with:
- 200+ full-time scam agents
- Floor managers and scriptwriters
- Crypto payment processors
- Fake websites and landing pages
A 2023 BBC investigation exposed an Indian scam call centre that made over 70,000 calls per day, targeting Australians and Brits.
Real Arrests & Crackdowns
Australia & AFP:
The Australian Federal Police have worked with Interpol to take down international scam networks, particularly targeting people sending money via crypto or gift cards.
US & Homeland Security:
Homeland Security Investigations have uncovered dozens of call centres in India and Eastern Europe posing as US government agencies.
Notable Case (2024):
An Interpol-coordinated sting operation led to 70 arrests across five countries, uncovering scam scripts, data servers, and millions in crypto.
How CypherGuard Helps Trace These Calls
At CypherGuard, we use cyber intelligence and fraud forensics to:
- Analyse scam call metadata
- Track digital infrastructure (domains, servers, VoIP trails)
- Identify wallet addresses and crypto flows
- Build victim reports and assist law enforcement
Our tools help trace scam activity while it’s still live, maximising the chances of exposure and recovery.
What You Can Do If You Get a Scam Call
- Hang up immediately if something sounds off
- Don’t give out any personal details over the phone
- Report the number to Scamwatch or the FTC
- Block the number and mark as spam
- Enable call filtering tools on your mobile phone
- Let friends or family know about new scams
Scam calls aren’t random, they’re part of a billion-dollar global fraud economy. They may sound like your bank, the government, or even your loved ones. But behind the call is often a script, a server, and a criminal operation.
The good news? More people are fighting back.
With real-time cyber intelligence and global cooperation, CypherGuard helps trace and disrupt these networks fewer people fall victim to a voice that was never real to begin with.
Stay cautious. Verify everything. And if you’re not sure, hang up and call the real number.
FAQ
The number matched my card/Google listing. Doesn’t that prove it’s real?
No. Caller ID can be spoofed. Treat every unexpected call as unverified until you call back on a trusted number (card/app/official site).
Do the ATO or IRS call people?
They may contact you, but they don’t demand instant payment, threaten arrest, or ask for gift cards/crypto/OTP codes. If unsure, hang up and call the official hotline (ATO 1800 008 540; IRS phone numbers listed on IRS.gov).
A pop-up told me to call Microsoft/Apple about a virus. Is that legit?
No. Real security messages won’t tell you to call a phone number. Close the page/app, run your official security tools, and follow Microsoft’s guidance.
I gave a one-time code on a call, what now?
Assume your account is compromised: change your password, revoke sessions, enable app-based 2FA, and call your bank to secure accounts and note the incident.