It happens often, and it seems like common sense. But, how often have you been called by your loan company, or your phone company, or your insurance company, or internet company, and that call has started with something like:
“Hello, this is Sandra from Comcast calling about your account. Before going any further, for your security, please verify the last four digits of your social security number.”
And then you just tell them.
This is insanely easy to spoof. It doesn’t matter if you have legitimate business with the company, or if you owe them money. It doesn’t matter if you’re worried that ignoring them will “make them angry” or anything like that. It doesn’t matter if the caller ID matches the number you expect it come from.
Even these simple phone calls should be refused.
“I do not give out any personal information to someone who calls me. I have no way of verifying who you are, or if the phone number has been spoofed. Please tell me what matter this is about, and I will call the number posted on your company website to discuss it.”
If they refuse, then hang up. If you are worried, then call the official number anyway and tell the representative that you just received a call that got disconnected, and you’d like to know what the call was about.
Do not let them make you feel crazy. Do not let them make you feel paranoid. Do not give in no matter how reasonable it may seem.
Once, I was 45 days late on my car payment. They obviously called me about that. They always tried to verify. I always refused. This didn’t result in anything extra on my credit, this didn’t result in anything worse for me, it didn’t make them pursue legal action. It didn’t affect my future customer service with them.
I simply called back on the number that I usually contacted them, then verified who I was, then I explained my situation and when I planned on bringing my account back up to date.
Never, ever, ever give out any Personally Identifiable Information on a call unless you made the call and you trust the other party. This includes, but isn’t limited to:
- Full name
- Drivers license
- Bank information
- Credit card information
- Payment history information
- Current balance information
- Connect/Disconnect dates
- Account numbers (even for non-financial accounts like your electric company)
- Tax information
- Employment information
- Names of relatives
- Names of people you live with
Don’t give any information to someone who calls you and claims to be with a company that has business with you.
I should note, this includes calls from a government agency that calls you, such as a tax authority, a licensing board, or a welfare agency. No government agency is going to throw you in jail for refusing to give personal information over the phone in nearly every country on the planet.
This also includes asking them questions which reveal personal information. Such as, “do you have my new address?” or “Did you send an email to [address]?” or “What was the amount I paid last month?”
You might ask these questions in an attempt to reverse it and make them verify themselves. But even questions like the last example above give away information you don’t want a scammer to have. You don’t want a scammer to know for sure that you have made payments to a specific company, you don’t want them to know you recently changed addresses, you don’t want them to know your email address.
This is why, as I said above, you should hang up instead of trying to make them verify who they are. This is true even if it’s from a company you know you do not have business with. If you get a call “from Comcast” about your account, but you have a different provider, don’t let the caller know that you don’t have a Comcast account, and don’t let them know who your provider actually is. Tell them the same thing you would tell them if you did have an account:
“What is the matter about so that I can call the normal customer service line and discuss it?”
This is true even if they volunteer some kind of verification. A scammer might know the last four digits of your SSN, or know the last four digits of your credit card, and then leverage than into getting more information from you. It doesn’t matter what they say, or what they provide as proof. You still never give out personal information over the phone unless you made the call yourself.