Don’t Get Tricked Bro: How to Identify Phone and Internet Phishing

The particulars of phone scams, aka phishing, aren’t terribly complicated. But they are easier to fall for than you might imagine, because of how good phone scammers have gotten at imitating the IRS, the police or whoever else.

It’s called phishing because when you fish, you utilize a lure that fools the fish into thinking it’s a real smaller fish or insect. It creates the airtight appearance (to the fish) of something legitimate, when in fact it’s fake, and a trap. You don’t need to fool every fish; even if only a small percentage fall for it, that’s your dinner. Phishing works the same way.

It comes in two forms: over the phone and on the internet. In the phone version, somebody will call you, often asking for you by name. They got your name and number from data mining, as unscrupulous companies often sell huge lists of personal information that spammers and phishers then put to use.

They might claim to be from the IRS, insisting you have overdue payments and asking for your credit card information. They might say if you don’t pay over the phone, they will send police to your house. Of course this is nonsense.

The IRS does not operate that way and will never call you about late payments. Government agencies in general do not operate this way. The same goes for the Publishers Clearing House scam, another form of phone scam I will discuss here soon.

A good way to trip them up is to ask them right away “Who are you calling me on behalf of?” They aren’t accustomed to that. They go to great lengths to sound professional and legitimate, often to the point of playing ambient call center/office noise in the background, so you’ll assume they’re somebody you should entrust with sensitive information.

They also start out by asking you, upfront, if they’re calling the right person so as to establish the pattern of them asking for information and you mindlessly supplying it.

You can flip the script by asking them questions about their identity, and not relenting. Don’t just ask them “who is calling”, because the individual on the other end will try to get around this by supplying their own name, when of course that’s not what you were asking for. Specifically ask them what organization they represent.

If they are phishers, they won’t want to answer this and will try to bulldoze ahead, pressuring you to simply go along with their script and give them your payment information. If they were legitimate they would have no qualms about telling you who they represent.

This is only worth doing if you care to be absolutely certain whether they’re trying to scam you. You can also just hang up the minute they either refuse to reveal who they represent or ask you for payment information, which is probably the wiser option and a more efficient use of your time.

That brings us to the internet equivalent of the phone scam, “phishing”. This time instead of trying to sound like a legitimate, official organization you should trust with sensitive info over the phone, they will try to create the appearance of a legitimate website so you’ll trustingly put your login information, payment information, etc. into it.

This has happened to me over on Steemit. (If it happened on Steemit, it could happen on Medium!) Users I didn’t recognize notified me that my work had been plagiarized, and linked me to a copy of my work on a Steemit-like website. Usually “steemiv”, or “steemiz”, something like that. After a moment, a popup will come up asking you to put in your login details.

Naturally you’d be in a hurry to do this because you want to comment on the stolen article, scolding that user for plagiarizing your work. NOT SO FAST. The fake imitator site was set up exclusively to trick you into putting in your precious, secret login info, which will then be used to steal any accessible money that can be gotten at this way, and even lock you out of your account.

See above. Notice how legit everything looks. And the auto form filling feature in most modern browsers makes it all too quick and easy to hastily fill out the username and password fields, before you’ve taken a minute to think about it. The instant you put in that info and hit enter/click “Login”, it’s too late to take it back.

The only thing they can’t fake is the URL. There will always be some difference in it, if you look closely. A good rule of thumb is to always stop and think hard about what you’re doing whenever you’re about to give anybody sensitive information, either over the phone or over the internet.

Are they an organization which typically accepts such information over the phone? Google that and make sure. Will they tell you what organization they are calling you on behalf of? Is the website really the one you think? Study the URL to make sure, and Google to see if there have been any recent phishing scams involving that site. You can’t be too careful these days.
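The "study the URL" step can also be done mechanically. The sketch below is an added example, not code from the original article: it compares a link's hostname with a short list of sites you really use and flags near-miss spellings like the "steemiv" and "steemiz" lookalikes described above, plus a trusted name buried inside a longer hostname, which goes slightly beyond the cases in the text. The TRUSTED list, the sample links and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you really log in to (illustrative allowlist).
TRUSTED = ("steemit.com", "medium.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(url: str, max_distance: int = 2) -> str:
    """Compare the hostname of a link with the trusted list."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid: no hostname (is the scheme missing?)"
    for site in TRUSTED:
        if host == site or host.endswith("." + site):
            return "trusted"
    labels = host.split(".")
    # Internationalized names can hide lookalike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalized hostname"
    for site in TRUSTED:
        # Trusted name used only as a prefix of a longer hostname.
        if host.startswith(site + ".") or "." + site + "." in host:
            return f"suspicious: {site} embedded in another domain"
    # Naive registrable domain: the last two labels (no public-suffix list).
    candidate = ".".join(labels[-2:])
    for site in TRUSTED:
        if 0 < edit_distance(candidate, site) <= max_distance:
            return f"suspicious: looks like {site}"
    return "unknown: not on the trusted list"


if __name__ == "__main__":
    # Constructed sample links, based on the lookalike names in the article.
    for link in ("https://steemit.com/@alice/post",
                 "https://steemiv.com/@alice/post",
                 "https://steemit.com.account-check.example/login"):
        print(f"{link} -> {classify(link)}")
```

A result of "unknown" only means the site is not on your list; it is not a sign that the site is safe.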

Follow me for more articles about how to avoid scams!
