The FBI has just warned that Americans lost more than $16 billion last year, up more than 30% on the year before. The plague of scams targeting phones and computers by email and text message topped the list, which is unsurprising given the near constant warnings from the bureau and other law enforcement agencies as such dangerous scams sweep the country from state to state.
The FBI released its alarming new data on Wednesday, the same day that the security researchers at ESET warned of the latest scam targeting smartphone users. “Malicious actors are always looking for ways to add legitimacy to scams and evade email security filters,” it said, having discovered that Google Forms is the latest “opportunity to do both,” and is now “favored by cybercriminals.”
Google Forms is a freely available tool that lets users “easily create forms and surveys to gather data and gain insights from anywhere.” This might be a customer survey, a registration form or a quiz. It also lets cybercriminals phish for credentials and lure victims into doing what they shouldn’t — such as calling a fraudulent number.
The forms can be customized to mimic a brand or public sector organization, and “it’s quicker, easier and cheaper to do so than build a dedicated phishing site, and less likely to be blocked by security filters.” The link to the form will come at you by email or text, and as with everything else these days, you’re more likely to be tricked on a small screen phone than on your computer. As the attackers know all too well.
ESET warns that these “attackers [will] send you a malicious Google Form crafted to trick you into calling a phone number listed on it. The form may be spoofed to appear as if sent from a bank or other trusted service provider.” The lure will be urgent, threatening something adverse or promising some incentive if you take action quickly. “Often the form will state that your account will be blocked or that money was taken (or will be taken from your account) unless you get in touch.”
Your call will be answered by a well-rehearsed scammer, “using charm to convince you into handing over personal and financial information.” There’s every chance the call handler will also suggest you download software onto your device to stay safe. As Microsoft and others warn, you must never do this. If not malware, this software will likely give the attacker remote access to your phone while you’re talking to them.
Just as with text and email attacks, these new voice lures (vishing as opposed to phishing or smishing) may also ape a major brand. “Victims received an email containing a malicious Google Form impersonating PayPal, Netflix, or one of several other big-name brands. The form contains details of a fake charge which is about to be applied, unless the recipient calls the phone number supplied.”
This is no different to the technical support and banking call lures that the FBI has warned about and which underpin some of the headline-grabbing attacks on Google users in recent months. As ever, users are told that brands will never proactively reach out in this way. And any contact should be made by you using usual, publicly available channels or those available through your app. Do not call numbers sent to you in texts or emails or Google Forms. There are no exceptions.
The other advice is to set up passkeys or very strong two-factor authentication linked to an app on your phone. Do not use SMS. None of these codes should ever be shared with anyone. Passkeys are best, as they can’t be bypassed or intercepted. They are linked to your hardware and don’t give you a code to share, even if you wanted to.
ESET’s warning follows Cleafy’s from last week, when an SMS or WhatsApp message “notified users of a suspicious outgoing payment [and] prompted potential victims to call a specific number to dispute the transaction.” In that instance, the caller pushed software to the victim which enabled their bank card to be cloned over the air.
You have been warned.