Attempts of phishing via phone calls is all too common, this is where you will receive a phone call from someone who is trying to impersonate a creditable source. Many of these attempts are centred around trying to get you to give up sensitive information such as passwords or PIN numbers. No company will ask you to hand over sensitive data over the phone or by email, if they require you to reset a password, they will send you a link to a secure page on their website in which to do so. Never give any individual person any passwords or PIN numbers. However, even if you refuse to give up your information, the scammer may try to threaten you into giving it up.
They commonly do this by saying “that your account will be permanently deleted” if you do not reset your password through the person on the other end of the phone or through a link they provided. This is a form of social engineering, using threats or threatening language to create a panic in your mind and make you feel as if you must adhere to what they say. This type of language and behaviour would not be tolerated at an established company as it is forceful and coercing customers into doing what that company says. A good way to sniff out a phishing phone call is to be inquisitive, ask them questions regarding the business, increasingly getting more specific with each one.
Typically, the scammer will try to avoid these questions because they simply do not know the answers, this is a tell-tale sign that the person you are on the phone to is not who they say they are. If you have any doubts about who you are speaking to, a reputable business should not mind if you hang up on them and call them back using their official number on their website, this way you can be sure you know who you are speaking to. You should be wary of someone that tries to defer you from ending the call or calling them back on an official number, if they work for the company, they say they do, there should be no issues with this.
If this is the case hang up the phone and try calling back the official number for that business using another phone, the reason for this is that scammers can keep the phone line open on their end, even if you hung up on them, they could still hear you. If you cannot use another phone, wait 10 minutes until you call the official number. This is because usually after a couple of minutes of no chatter or no attempt of another call, the scammer would give up.
In addition, there are some easier attempts to spot a phishing attempt, such as a caller claiming to be from BT, for example, and they are enquiring about your broadband package, but your broadband package could be with a different provider like Sky or Virgin Media. These may seem genuine, harmless phone calls however, a company in this field has the resources it needs to look up the contact information for all its customers, therefore, they should only be calling those that are already on their registry.
These attempts are easier to spot, but the scammer is ultimately calling multiple people and hoping that at least one person is tied to the company that they are pretending to be. If they call 100 people a day using the same method as above, 99 people out of that 100 may either spot what is going on and terminate the call or they are with an alternative broadband provider and hang up, but that 1 other person could be a customer to that specific company that is being impersonated and were not able to pick up on any other clues and in turn go ahead with the certain request to give up personal information, or whatever it may be. Ultimately it only takes 1 person to give up their sensitive information for a phishing attempt to be successful.
For more information on this you can visit the Equifax website:
Article by Jack Kiddy