Don’t get spoofed!

October 29, 2024 - 4 minutes reading time
Article by Editorial

Recently, I received a call from an unknown number on my business phone. It was a Dutch number, and when I answered, I was connected to an English-speaking person. This person told me that an amount of € 146.47 had been charged to my Amazon.co.uk account via PayPal, and they suspected my PayPal account had been compromised and possibly hacked.

Red Flags

To determine if this was the case, they wanted to verify some things for further investigation. They started asking questions and wanted my name and bank account number. Somehow, they knew my number was a business number, so they asked for my personal phone number. The conversation quickly started to feel very uncomfortable and suspicious, and I asked for their name. They responded that they were from Amazon and were investigating my PayPal account breach. That's when my alarm bells went off.

They kept insisting they needed the information to report to senior managers about this incident. I told them I couldn't provide any information and said I would inform the security department to initiate an investigation. Silence on the other end, and then they hung up...

Spoofing?

Spoofing is used as a tool in phishing campaigns. We talk about spoofing when something or someone tries to assume a false identity and pretend to be something or someone else. With phone spoofing, the person being called sees a different phone number than the actual number of the caller. (Source: NCSC)

False identity

Phone scammers often hide their identity by using illegal spoofing techniques to send false information to your caller ID. To deceive you, spoofers may use local area codes that look familiar. In this case, the number was very similar to my office number. They might also claim to be a company you do business with, such as a customer, colleague, local service provider, or even a government agency.

Practical tips

You can't always immediately tell if an incoming call is spoofed. So be extra careful with requests for personal information. Here are some tips:

  • Avoid answering calls from unknown numbers. If you do answer and don't trust the caller, hang up immediately.
  • If you answer a call and the caller (or a recording) asks you to press a button to stop the calls, just hang up; don't press any buttons. Scammers often use this trick to identify potential victims.
  • Don't answer questions, especially those that can be answered with yes or no.
  • Never give out personal or financial information, such as account numbers, Social Security numbers, your mother's maiden name, passwords, or other identifying information in response to unexpected calls or if you're at all suspicious.
  • If someone contacts you claiming to represent a company or government agency (this could even be a customer), hang up and call the number on your bank statement, in the phone book, or on the company's or agency's website to verify the authenticity of the request. You usually receive a written notice before getting a call from a legitimate source, especially if the caller is asking for payment.
  • Be cautious if there's pressure to provide information immediately. Scammers often try to play on your emotions or fears by pretending that an authority is involved or that you're in danger. Don't let them rush you!
  • If you have a voicemail account with your phone service, set up a password. Some voicemail services allow default access when you call from your own phone number. A hacker could spoof your number and access your voicemail if you haven't set a password.
  • If you think your phone has been compromised, contact the ServiceDesk of your company. They may be able to offer call blocking tools, recommend apps you can download to your mobile device, or set up controls to manage your device or apps.
  • Remember to check your voicemail regularly to ensure you don't miss important calls and to delete spam messages that might fill up your voicemail box.