Tag: Featured

As if the worry of whether or not their power lines could withstand the madness of Hurricane Lane these past few weeks, Hawaii’s Electric companies, just can’t get a break as scammers are now targeting Hawaiian Electric, Maui Electric and Hawai’i Electric Light, by demanding payments in bitcoin, a digital currency, or else their services will be shut off.

“The Hawaiian Electric Companies urge their customers that as all other US utilities, the companies do not accept bitcoin as a form of payment.  According to Utilities United Against Scams, earlier this month a rising surge of bitcoin scammers began targeting utility customers on the US mainland, demanding bitcoin to pay supposedly “past due” bills,” reported Maui Now.

How the scam works is victims will receive a call with a callback number and automated prompts, which are also used by legitimate Hawaiian Electric companies. They then will provide a QC code to scan for payment at a bitcoin machine, which will then convert dollars into the digital currency.

To avoid becoming a victim of this scam, Maui Electric would like all customers to follow the tips below:

  • Any calls demanding immediate payment from Hawaiian Electric Companies over the phone or via prepaid debit cards or bitcoin are scams.
  • Callers asking to meet for payment or providing directions to a bitcoin machine are scammers.
  • Callers who make threats of discontinuing services unless payments are made immediately are scammers.
Read Full Article

With the first day of school just around the corner, it seems like scammers ended summer break early as they’ve already gotten a head start on targeting college students with a number of back to school scams.

To help prevent you ambitious students with any additional stress this school year, here’s a list of the most common scams that are targeting students this 2018 school year:

Federal Grant Phone Scam
The government grant scam lures studnets in with a few questions that may qualify them for a grant. The questions may seem innocent up until they throw the victim a curve ball requesting that they give them financial information so they’re able to deposit the so-called grant into their checking account.

Student Loan Scam
Student loans are inevitable, so finding a victim is pretty easy for scammers. Preying off their vulnerability, scammers are able to dupe victims into handing over their private and financial information with promises of debt relief.

Student Tax Scam
Just when they least expect it, students may receive a “call” that has slapped them with an additional “federal student tax” related to either their student loan, taxes, or even an overdue parking ticket. If payment isn’t wired immediately, they’ll be reported to the police.

Roommate & Rental Scams
Craigslist has been a source for finding roommates for quite some time now, and scammers are taking advantage of the mass amounts of students who rely on the service to find the ideal living situation. The most obvious red flag for scams like these is a conveniently located apartment at a very low rate. For those who unfortunately fall for this, they can become victims of fake background check services, credit report sites stealing personal information, or additional unnecessary fees to the landlord.

Social Media & Phone Survey Scams
A majority of survey scams start with a social media post or phone call promising an unbelievable prize from a raffle or survey you may (or may not) have entered. As one racks their brain wondering what they may have unknowingly entered, one can’t help but feel that what they’re offering is too good to be true. If one gets that gut feeling, it probably is. These scams are out to steal personal information, or requests for payment before you can receive your prize.

Here’s how you can protect yourself:

  1. Stay up to date on the latest scams that are trending. Keeping yourself informed will make you less of a target and more prepared when scammers call.
  2. If you receive an unexpected call requesting you share personal or financial information, or that you need to make payments immediately, hang-up. Verify that the call is legitimate by calling the official number of the institution they claim to be from.
  3. If you’ve been victimized or have received a call similar to any of the scams above, please report the scam to the FCC to help raise awareness and prevent your peers from becoming the next victim.
Read Full Article

Last Friday, the United States Department of Justice announced that “21 members of a massive India-based fraud and money laundering conspiracy that defrauded thousands of U.S. residents of hundreds of millions of dollars were sentenced this week o terms of imprisonment up to 20 years.”

Targeting immigrants and the elderly, the scam artists used the oldest trick in the phone scam book, the IRS scam. They threatened consumers of arrest or deportation for tax violations, spoofing caller I.D. as the U.S. Government to guarantee victims would pick up, along with offering grants or payday loans linked to a borrower’s paycheck, requesting victims pay a fee upfront before they receive the loan.

The 21 scammers were in eight states – Illinois, Arizona, Florida, California, Alabama, Indiana, New Jersey and Texas. And in addition to these individuals, 32 contractors in five call centers in Ahmedabad, India, were indicted on wire fraud, money laundering and other conspiracy charges as part of the scheme.

Since the beginning of this year, Hiya seen a drastic increase in the IRS scam. From January to June there has been 703% growth.

The following are the top 10 most reported area codes related to the IRS Scam:
1. (202), Washington D.C.
2. (646), New York City
3. (631), New York
4. (315), New York
5. (206), Seattle
6. (607), New York
7. (518), New York
8. (585), New York
9. (585), Washington State
10. (347), New York City

Despite this wave of scammers fortunately being caught, we should always prepare for the next phase of scammers who will find their way back to our phones. Here are some tips on how you can avoid being the next IRS scam victim.

Read Full Article

As the heat rises this summer, so are the number of robocalls! Increasing by a billion from last quarter, we most recently found that in the second quarter of 2018, 5.9 billion robocalls were placed in the U.S. alone.

But along with the growing number of robocalls, was the Neighbor Scam that has now began spoofing not only the first six digits of a consumer’s phone number, but the first five, four and three digits. Compared to Q2 last year, scammers focused on the first five digits this past quarter which had a growth increase of 1675%.

Learn more about Hiya’s Robocall Radar findings for Q2 2018 by clicking the image below for the full report:

Robocall Radar Q2



Read Full Article

The Apple Worldwide Developers Conference (WWDC) took place last month, and was full of new software. In recent years, Apple has used the conference to focus on updates to their main four platforms: iOS, macOS, tvOS, and watchOS. This year was no exception. Although there were many exciting announcements across these platforms, I will be talking about just one for iOS and watchOS: Siri Shortcuts.

A shortcut is a new abstraction that represents an action a user performs in an app. Shortcuts can be understood by apps, Siri, and users. Let’s dive in to how each of these understands and interacts with shortcuts.


Apps are responsible for registering and defining shortcuts that can later be used by Siri and users. From an app’s perspective, a shortcut is a wrapper around either a user activity or an intent.

A user activity represents the state of an app at a moment in time. These have been used for some time and are not new to iOS 12. Other features, such as Handoff and Spotlight, also use them. New in iOS 12, shortcuts will be implicitly registered for these user activities and seen throughout the system. This means user activities can be used by Siri and users for many of the new use cases without developers needing to change anything. There are, however, a few use cases that must be enabled explicitly by developers.

When a user uses Siri to make a request to an app, this request is called an intent. Like user activities, these are also not new to iOS 12. Traditionally, these intents have been limited to specific domains including messaging, ride booking, and payments apps. In order to register shortcuts for these intents, an app must “donate” an interaction a user makes with an intent. For example, a ride booking app can donate a ride request intent to Siri whenever a user requests a ride in the app. This registers a shortcut for the intent that can now be understood by the rest of the system.

New to iOS 12 is the ability to create custom intents that do not belong to any of the predefined intent domains. These can also be donated, resulting in shortcuts being created for them. Unlike the domain-specific intents, custom intents have no other capabilities beyond shortcuts.

Apps can also tell Siri about relevant shortcuts that a user may perform in the future. For example, a meditation app may suggest to Siri that the user has a daily meditation routine every morning. Siri can take this information, along with other shortcuts donated by apps, to make suggestions to users.


Once shortcuts have been donated by apps, Siri can suggest relevant shortcuts to users from either the recommendations an app gives ahead of time or by learning from donations. This is called Siri Suggestions. They can appear either in notification center or on the lock screen.


Because of how apps donate shortcuts when the corresponding action happens in an app, Siri can take the surrounding context to learn the appropriate times to suggest a shortcut to that action in the future. Possible signals include time of day, location, motion, etc. Of course, this is all done on-device. Nobody, including Apple, can track the shortcuts being suggested to or actions being taken by a user.

After just a few days of using Siri Suggestions, I stumbled across a great use case. I often watch an episode of TV in the evenings, usually around the same time. I also use a website to track the episodes I have seen and see my progress. After the episode ends, I normally open the website on my phone to mark the corresponding episode as seen. Siri quickly learned this and started suggesting to me to open the website around the time I normally end an episode. It most likely learned this from just the time of day, but it may also recognize that I am sitting at home.

Siri Suggestions currently only works for built-in apps in the iOS 12 beta. I also have yet to see any lock screen suggestions. The possible use cases are obviously much more interesting when Siri can start suggesting shortcuts to actions in third-party apps. And as with many new technologies, most of the exciting use cases cannot be seen ahead of time. Nobody, including Apple, can foresee everything Siri will learn about its users. Only time will tell how useful these suggestions are.


For the more tech-savvy, power users, iOS 12 also includes a few ways for users to interact with shortcuts on their own.

Users can assign Siri voice commands to any shortcut. This can be done either in the Settings app or inside a third-party app. Apps also suggest phrases to users for their shortcuts. These voice commands are currently the only way to use custom intents with voice, something that has caused a lot of confusion among developers. This does not allow apps to integrate their own voice commands with Siri. Every command must be explicitly enabled by the user.

Apple will also be releasing a Shortcuts app in the fall. This will allow users to compose shortcuts from multiple apps and create powerful workflows. These workflows can also be assigned voice commands. The Shortcuts app beta is currently available to a limited number of developers, so I have not had the chance to use it. But, this appears to be the most powerful automation tool that Apple has ever brought to iOS.

Whether you are a developer or end user, I hope this quick guide has given you a better understanding of Siri Shortcuts and the potential new use cases it may bring to iOS and watchOS. Keep an eye out for how Hiya may take advantage of Siri Shortcuts in the future!

Read Full Article

Members of the Hiya team gathered last week at Seattle Business Magazine’s Annual Best Companies to Work Celebration. Hiya was recognized as one of Washington’s 100 Best Companies to Work For, coming in at number 22 in the small companies category.

The evening was spent celebrating with 1200 industry leaders. Hiya, along with other companies received this prestigious award based on the employee satisfaction survey–which included questions focused on work environment, perks, work-life balance, recognition, and many other factors.

We were honored to have our employees there to celebrate, as they are what got us there! Hiya was recognized as one of the top small employer’s in the state – and we couldn’t be more thrilled! We’ll be back next year…


Read Full Article


In this post, we’ll be exploring the default blocklist provided on the native Phone app. We’ll discuss how apps can access the blocklist, restrictions on the blocklist and how it’s been implemented.

Baby got blocked 🎵

What is the default blocklist?

The default blocklist provides a light UI to add and remove numbers that you don’t want to receive calls or texts from. Users can add numbers by typing in a number, or by directly blocking/unblocking a number from the caller details page.

Some background

Prior to Android Nougat (7.0), Android users relied on downloaded apps to restrict calls and texts from nuisance phone numbers.

According to Google, “Many of those apps either do not work as desired or provide a less-than ideal experience because there are no proper APIs for blocking calls and messages.”

With the introduction of a BlockedNumberProvider in Android Nougat, users can add numbers to a list of phone numbers that they don’t want to receive telephony communications from (calls, SMS, MMS).

Perhaps there are finally proper APIs for blocking calls and messages! Let’s explore this further:

Accessing the default blocklist

Block phone numbers data flow

The diagram above shows the flow of how applications can access the default blocklist.

  • Any application can launch an intent to the Telecom UI to access the default blocklist. This Telecom UI is the same UI as shown in the screenshot above.
  • Only the default messaging app, default dialer app, or any carrier apps can access the default blocklist.

Huh? So only a few applications can read and write directly to the BlockedNumberProvider? Doesn’t sound like an open API to me. Let’s see if there are any permissions to circumvent this data flow:

Blocklist Permissions

In Android access to system APIs and user sensitive data usually requires permissions. Permissions are divided into several protection levels:

  • Normal: These permissions are granted automatically (accessing internet for example)
  • Dangerous: These permissions require explicit user approval (accessing the camera, or microphone)
  • Signature: These permissions are automatically granted, but only if the app that is using this permission is signed with the same certificate as the app that defines the permission. These permissions are typically not granted for apps that can be downloaded from Google Play.

After looking over the permissions overview on the Android developer site, there doesn’t seem to be a permission that allows an application to read/write to BlockedNumberProvider. However, according to the Block phone numbers data flow, there must be a way for certain applications to read/write directly to this provider.

Let’s dig deeper.

Down. Down. Down.


The Android platform is open source. AOSP allows device manufacturers to implement their own custom versions of Android, tailored to their needs. This is why every Android device has a slightly different UI flavor. The underlying functionality for all devices is the same, but presented in a different way per device.

What does this mean?

We can browse the source code and figure out how only specific applications are accessing the blocklist.


In AOSP, we can find a list of all the permissions on the Android platform. Here are the permissions to read/write to BlockedNumberProvider:

  • READ_BLOCKED_NUMBERS: A signature level permission
  • WRITE_BLOCKED_NUMBERS: A signature level permission

Huh. Usually, signature level permissions are only granted to apps that come shipped with devices by default, not downloaded apps.

It appears there is no way for us to get access to these permissions through normal means.

More Exploration

For exploratory purposes, let’s assume we can somehow get these permissions. What other capabilities can BlockedNumberProvider offer?

Since BlockedNumberProvider is a ContentProvider, we can use a ContentObserver to monitor the provider for onChange() events. These events are fired when the content provider changes, so that apps can perform actions based on the change.

One possible use case for ContentObserver is to show after-call notifications after a user ends a call. When the phone call ends, we can monitor CallLog.Calls.CONTENT_URI to receive an onChange() event indicating that a change has occurred. From there, we can query the ContentProvider for call logs and figure out the change and display the appropriate notification.

Can we receive onChange events for BlockedNumberProvider by monitoring BlockedNumbers.CONTENT_URI? Sadly, no we cannot.

Usage of the API

The insert() method returns a modified URI, that is not the URI passed in as an argument. The notifyChange() is called with this modified URI.

The delete() method uses this same modified URI. The notifyChange() is called with this modified URI.

Therefore, it’s not possible to use a ContentObserver to monitor the BlockedNumbers.CONTENT_URI for onChange() events, which seems like an intentional decision to limit usage of the API to third-party apps.


For third-party apps, BlockedNumberProvider simply does not provide an open API for developers to block calls and messages, which is a shame considering the open source nature of the Android platform. Developers have been waiting for this feature for quite some time and although Google provides a solution, it has limited use cases and is not meant for other applications to use.

With Android P on the horizon, perhaps this will change. At Hiya, we certainly hope so!

Read Full Article

The Neighbor Scam is a tactic phone fraudsters use to mimic (also known as spoofing) the first six digits of a user’s phone number — the area code and the following three digits — to trick consumers into picking up the phone thinking it’s a neighbor or nearby business calling.

Since the beginning of the year, the Neighbor Scam has made up 56.7 percent of all phone scams that Hiya users have been flooded with in 2018. The number of spoofed calls keeps growing now that scammers have moved on to also spoofing the first five, four, or three digits in the hopes of getting consumers to pick up what appears to be a neighbor’s call.

The data we collected through May also identified the most common area codes being spoofed in the Neighbor Scam:

  1. 602 – Phoenix
  2. 214 – Dallas
  3. 832 – Houston
  4. 210 – San Antonio
  5. 404 – Atlanta
  6. 678 – Atlanta
  7. 704 – Charlotte
  8. 702 – Las Vegas
  9. 623 – Phoenix
  10. 407 – Orlando

Despite it being called the Neighbor Scam, it does not have it’s own particular way of scamming but is more so a technique used to make scam calls we’re all too familiar with (i.e. IRS Scam, Robocalls, Political Scams, Telemarketers).


Here are ways you can prevent yourself from becoming the next victim of the Neighbor Scam:

•Despite a number looking local, if you do not recognize it, don’t pick it up and send it straight to voicemail. Anyone who is trying to get a hold of you will leave a voicemail or text.

•If a caller demands immediate payment for services or debt collection that you are not aware of, do not share any personal or financial information and hang-up immediately.

•If an offer sounds too go to be true (i.e. free vacation, interest rate adjustments, refinancing debts), go with your gut feeling because it probably is.

•If you have been a victim or have been targeted by the Neighbor Scam, report the number to the FCC immediately.


Read Full Article

In the FCC’s mission to stop the scourge of robocalls affecting consumers across the nation, they’ve successfully issued a $120 million fine on one of the biggest robocall spoofing operations.

Despite the efforts to defend himself and the over 100 million robocalls he made over a time span of three-months, Adrian Abramovich, ran a vacation scam that tricked consumers into answering calls and listening to his sales pitch. The fine was based on 80,000 spoofed calls that the FCC was able to verify.

The FCC originally filed a complaint against Abramovich in June 2017, alleging that he had broke the Truth in Caller ID Act of 2009, which does not allow callers from spoofing information to disguise their identity with intent to defraud, cause harm, or wrongfully obtain anything of value.


Read Full Article

With over 300 million customer accounts for the picking, it’s not a surprise that scammers have been targeting Amazon sellers and customers.

Amazon Sellers Beware

Scammers are actively calling Amazon sellers to access their personal accounts. Sellers are asked to log into a fake site with their username and password. This then gives scammers access to their information and account. Scammers will have the ability to damage the seller’s name and reputation by listing fake products, changing their existing offers, and transferring payments to their own accounts.

Amazon Customers Aren’t Safe Either

A popular scam targeting customers, are fraudulent emails from Amazon Customer Service. Amazon customers will receive an email notifying them of questionable Amazon login activity. The email requests that they call an 800 number to reset their account. When the victim calls the number, the scammer directs them to a fraudulent website. The customer is then asked to enter their email address, a code provided in the email, and their Amazon login credentials. Unfortunately, this provides scammers access to the victim’s account, giving them the ability to make fraudulent charges and access to personal information.

Customers should also watch out for Google and Bing search results pulling up fake Amazon customer support phone numbers. When the victim calls the “so-called legitimate toll-free number”, a scammer claims to be an Amazon Customer Service agent. Similar to the fraudulent email scam, they will direct the customer to a malicious website and request they enter their email address, provided code, and Amazon login credentials.  Once again, the scammer now has access to the victim’s account and personal information.

Avoid Becoming A Scammers Next Victim

Here are a few tricks and tips to help you from becoming a victim of any of these Amazon scams:
•Confirm that you are calling a legitimate Amazon number
•If you receive an unexpected call from Amazon requesting personal information, do not give out your Amazon password, credit card number, or financial information.
•If you receive an unsolicited email, do not reply with personal information.
• Never use Amazon.com Gift Cards for payment outside of Amazon.
•Do not provide any gift card details (like the claim code) to anyone you do not know or trust.
•Avoid payment requests for Amazon.com Gift Card claim codes.
•Avoid payment requests to guarantee transactions.
• Avoid offers that seem too good to be true.


Read Full Article