For millions of mobile users, the experience is familiar and frustrating: a phone rings, the caller ID shows an unknown number, but upon answering, there is only a heavy, expectant silence before the line goes dead. While most dismiss these “ghost calls” as technical glitches or wrong numbers, the Colombian National Police have revealed a more calculated reality. These calls are not accidents; they are the opening gambit in a sophisticated criminal strategy designed to map out potential victims.
The Dirección de Investigación Criminal e Interpol, known as Dijín, has warned that these silent calls are a primary tool for urban crime organizations. Rather than attempting a scam in the first interaction, criminals are using these calls to conduct “data reconnaissance.” The goal is simple but effective: to confirm that a specific phone number is active and that the person on the other end is willing to answer a call from an unrecognized source.
This process is a textbook example of social engineering, where psychological manipulation is used to trick individuals into revealing information or performing actions that compromise their security. By simply picking up the phone, a user may inadvertently flag themselves as a “high-value target” for future, more complex attacks.
The Economy of Active Phone Lines
According to the police, once a user answers a ghost call, the system automatically registers that number as “active.” This confirmation transforms a random string of digits into a verified lead. These verified lists are then compiled into specialized databases that possess significant value on the dark web or among criminal networks.
Once a number is marked as active, it can be sold or utilized for several types of fraudulent activities. The most common trajectory involves the transition from a silent call to an active “vishing” (voice phishing) attempt. In these scenarios, criminals call back, this time posing as bank representatives, government officials, or technical support agents to steal sensitive information.
Beyond individual targeting, the police noted that these tactics are also deployed against corporate entities. In a business context, these automated systems are used to saturate customer service lines, creating bottlenecks that distract staff and leave the company vulnerable to other forms of cyber-intrusion or operational chaos.
The Danger of the Word ‘Yes’
One of the most alarming aspects of the police alert involves the specific language used during these interactions. Authorities have cautioned citizens against answering questions with a simple “Yes” (SÍ) when dealing with unknown callers. The concern is that criminals may be recording the user’s voice to capture a clear “Yes” affirmation.
In some fraudulent schemes, these voice snippets are spliced together or used in automated systems to authorize unauthorized transactions, change service plans, or grant access to accounts that use voice recognition as a security layer. To mitigate this risk, the police recommend substituting “Yes” with neutral terms such as “OK” or “Understood” (Entendido).
This warning highlights a shift in criminal methodology, moving from simple deception to the theft of biometric data. When combined with the “ghost call” reconnaissance, the danger evolves from a nuisance to a direct threat to financial and personal identity.
Defensive Measures and Digital Hygiene
To combat this trend, the Colombian National Police have issued a set of strict guidelines for mobile users. The primary defense is a change in behavior: if a number is unknown, the safest course of action is to remain silent. If the caller does not speak immediately, the user should hang up without initiating the conversation.
Beyond behavioral changes, authorities suggest utilizing technology to create a buffer between the user and the caller. Installing reputable call-identification applications can help users see if a number has already been reported as spam or fraud by the wider community before they decide to answer.
For those who do engage in a conversation and find themselves targeted by someone claiming to be from a bank or mobile operator, the police emphasize a zero-trust policy regarding personal data. The following table outlines the critical “red flags” and the recommended responses provided by law enforcement:
| Scenario | Criminal Tactic | Recommended Action |
|---|---|---|
| Unknown number rings | Active line verification | Remain silent; hang up if no one speaks |
| Caller asks “Can you hear me?” | Voice recording for fraud | Avoid saying “Yes”; use “OK” or “Understood” |
| Claim of being a bank agent | Vishing / Identity theft | Never share passwords or personal data |
| Request for SMS code | Account takeover | Never share authentication codes |
The Broader Impact of Identity Theft
The endgame of these ghost calls is often identity theft, a crime that can have long-lasting financial and legal consequences. Once a criminal has a verified number and potentially a voice recording or a leaked authentication code, they can attempt to bypass two-factor authentication (2FA) on banking apps or social media accounts.
This systemic approach to crime—starting with a silent call and ending with a drained bank account—demonstrates why the police are treating these “minor” occurrences with such gravity. The ghost call is not the scam itself; it is the intelligence-gathering phase of a larger operation.
For those who suspect they have been targeted or have inadvertently shared information, the Policía Nacional encourages reporting the incident through official channels to help map the numbers being used by these organizations.
Disclaimer: This article is for informational purposes only and does not constitute legal or professional cybersecurity advice. Always refer to official government and law enforcement portals for the most current security protocols.
As cyber-criminal organizations continue to refine their social engineering tactics, the police are expected to update their public warnings as new patterns emerge in the data collected by the Dijín. Citizens are encouraged to stay vigilant and keep their device software updated to benefit from the latest security patches.
Do you have experience with these “ghost calls”? Share your thoughts and experiences in the comments below to help others stay informed.
