Entry bubble I got phished!

By: Sommer | October 19, 2007 | Category: General

It finally happened to me, I got "phished" or "vished" -- whichever you prefer. I never thought it would happen to me since I've been giving the public information about protecting themselves from phishing and ID theft for years. It sure is different to be the one faced with fending off the crook, though.

So, here's my story: 

A couple weeks ago I was driving home from our office picnic when my personal cell phone rang. I usually don't answer if it's an unknown number, but for some reason I fishing polepicked up anyway. A woman with a syrupy southern accent started the conversation by saying she was from the State Department, she then told me I was using a cell phone number the government was paying for and nicely asked me to provide all the information about myself I possibly could that might help her "resolve this issue."

My first instinct was to help the woman out.  My heart had started beating like crazy as I wondered what I had fouled up this time.  I just wanted this situation resolved ASAP.  I mean, who wants the State Department on their case?  Then, my red flags started going up.  Why would the State Department call me directly instead of calling the cell phone company to ask about the bill? And, if  the State Department really wanted information about me, couldn't they get it another way, like send me a certified letter on government stationary? Besides, I pay the bill for that phone number every month, how could they be paying it, too? Whew, I finally had my wits about me and I hadn't given up any of my personally identifiable information (she already had my name and cell number).

With that brief moment of panic behind me, I kindly and firmly replied that unless she could prove what she was saying I had every reason to believe she was just trying to steal my identity, and, NO, I would not be sharing any personal information to help her out.  Then the threats started -- "I'm going to have the State Department's head of security call you" "and my director, too."  My favorites were "you're stealing from the government and committing a crime" and "we're going to have your cell phone turned off." I told her to feel free to have them contact me since I wouldn't be sharing any information with the head of security or her director either unless they could prove what was going on.  Exasperated, I excused myself from the conversation and hung up.

What did I learn from all this?

  1. It's harder to resist the phisher than I thought, and it's also scary to consider "what if they're telling the truth"?  I still wonder about this one, but, I haven't gotten a call from the State Department's head of security and no one has shown up at my door yet.  I'm comfortable this one was a hoax.
  2. Phishers don't just email, they can also call.  It's harder to fend off a caller than just deleting an email.  When in doubt just hang up.
  3. Be tough and if what the caller says sounds fishy or just doesn't make sense, it probably isn't legitimate. DO NOT answer any questions -- even if the caller threatens you!!
  4. Don't be afraid to ask for proof of the caller's identity.  If the caller's claim is legitimate they won't hesitate to prove themselves to you.
  5. Report email phishing to the US-CERTReport phone phishing to the National Fraud Information Center.
Thank goodness I didn't fall for it! 

| Comments [3] | envelope Email This Entry | Tags: email   fraud   idtheft   phishing   phone   sommer   telemarketing   vishing