When In Doubt, Hang up the Phone

You might think you have a good radar when it comes to scammers. Maybe you know to watch out for phishing emails, or that you should never click a link on a strange text message.

But modern scammers are clever. They’ll employ all kinds of tactics to trick you into thinking you’re dealing with a legitimate representative, not someone who wants your information or money. That’s why phone calls can be so effective—and so dangerous.

A phone call can feel official, especially when you see a name or number you recognize. That’s why social engineers are relying on phone calls to convince targets that they are trusted authorities. Imagine this: You receive a call from someone claiming to be a representative from your bank. They’ve noticed some unusual activity on your account, and they want to confirm some details to make sure you’re the one behind the account. Maybe you’ve ever had some fraudulent activity recently, which makes the phone call from the “bank” seem logical.

The representative on the phone wants to make sure your recent login was really you, so they ask you to confirm the code being sent to your phone. You read them the code, but the next thing you know, the call is over, and you’ve lost control of your bank account. The scammer really wanted your account’s MFA code, not to confirm your login, but to log in themselves. (This is why you should never give out your MFA code to anyone, even a trusted organization like a bank.)

Many phishing calls go down this route—building your trust, so you will work with them to hand over important account or personal information. It happens every day, even when certain companies, like Apple or Google, almost never call customers directly.

It’s always okay to hang up the phone

While legitimate organizations do still make phone calls to confirm important information, remember this: There is no situation in which you cannot hang up the phone and call back yourself. If you’re being asked to provide sensitive information, and you did not make the call, it’s always okay to hang up, locate the number yourself, and call directly. If the call was real, the company or organization will know what you’re talking about, and can help you proceed. If it wasn’t, they’ll likely let you know there is no record of a previous call, and you’ll know it was a scam.

When calling a company back, always locate the number yourself: never rely on the number they called you with. When looking the number up, be careful to visit legitimate websites with updated contact pages. Some scammers will create fake websites with fake support numbers, hoping to trap people into calling them rather than the company they’re looking for.

In addition, don’t trust caller ID: Scammers can “spoof” another phone number, to make it look like their call is coming from a trusted company. But just because you see a name or number you trust appear on your phone, don’t assume the rep is working for the company they say they are. When in doubt, hang up, and call back directly.