I recently responded to a threat event in my own home! My mother came to me with a very rude-sounding man on the phone telling her that this uber hacker was actively draining $2000 USD from her account and if she didn’t act immediately it would be too late to foil the plot! Now “acting immediately” meant sending money to a not-so-cleverly disguised third account that seemed to have her name on it. Thankfully, I’ve repeatedly warned my mother about scumbags like this, so when she wasn’t sure if it was a legit call or not, she came to me.
The first thing I did was to have the scammer relay all the information and the actions he wanted to be taken to resolve the situation. Just like he tried to scam my mother, he tried his luck with me, and I immediately noticed several things were off.
Mainly that he was using authority and urgency tactics to try to convince me of his legitimacy. He had me take note of the number he was calling from, and sure enough it was the 800 number listed all over for my mother’s (VERY BIG btw) chain of banks. That’s how he convinced my mother in the first place. Knowing numbers can be spoofed, I then called the 800 number from my own phone and made sure he could hear I was calling the customer service line. That’s when the mask slipped off and he got angry that I would be wasting his time and the call center’s time, as he was already on the phone with us to deal with this fraud problem. I then reminded him that he was trying to pretend to be a customer service representative and that kind of behavior wasn’t building confidence. By this point he knew the game was up and hung up, and my mom and I made a report to the bank since we already had them on the line.
So what are the lessons learned here?
Make sure the more vulnerable people in your life have just one line of scam protection repeated to them enough that it sticks in their head: “Nothing is urgent enough to not just hang up and call the listed customer service number for assistance.” It’s really that easy. Just like you have probably mentioned not to click on links in an email and instead go to the known website to check for issues, it’s the telephone equivalent of the same internet tactic to help keep less tech-savvy friends and family safe.
Don’t wait for something to happen before teaching good base-level security techniques. They might not know what social engineering is or the depth of tactics and techniques used by threat actors to trick targets. But knowing that a customer service rep you know you called can help you just as easily as this clown on the phone that you can’t verify could save someone you know from getting scammed.
Cheers everyone and thanks for reading! If you have any good stories about close calls or attempted scams, or maybe a better mitigation than I’ve thought of, please leave a comment below!!