What is Phishing? (Part 2: Non Digital)

Last time we talked about phishing scams over the internet, but what most people don't realize is that more and more frequently, phishing scams are going "old school" and getting your personal information from you either over the phone or even in person. This is something I've seen first hand, and can be quite disconcerting because then you can see a face and/or hear a voice to put with the act.

The instance that I saw was with my then-boyfriend when I went over to his house to watch a movie. Part way through a young gentleman with a badge and clipboard came to the house and said he was from a start-up electric company in the area and asked if we were interested in getting a quote for electricity. To get the quote though, my boyfriend had to provide his name, address, phone number, email address (for an electronic copy of the quote), and several other things. At one point the man asked for his social security number; Thankfully my boyfriend did refuse to give that. A few more questions and he left, assuring us that the quote would be in the mail shortly and an electronic copy sent as soon as possible.

As soon he closed the door and turned around, he saw the look on my face and realized what he did. Thankfully the young man hadn't gone far and my boyfriend was able to retrieve all the copies of the information he gave. This is just one instance of something that looks perfectly legitimate, but was most likely a phishing scam. My general rule of thumb for giving your information to those inquiring is such:

1. If they claim to be from XYZ company, do a quick online search to verify this company. This is not fool-proof as most big phishing scams will make a fake webpage though.
2. Just because someone has an ID badge and clipboard does NOT mean they're official! As silly as this sounds, these simple props make people significantly more likely to comply with requests.
3. If at any point someone asking you questions requests your social security number- STOP! Unless you're in a professional setting like a job interview or doctor's office they don't need that information.
4. Assume first that people are phishing until proven otherwise. I know this sounds pessimistic, but being in this mindset will do more good than harm when protecting your personal information.

Practical Tip of the Day:
If a company calls you and then asks you for information to verify your account, STOP! Offer to call the company back using the phone number from the yellow pages or official website. Some phishing scammers will claim to be from your back, say there's been a potential security breach, and then ask "for your safety" to verify your account number and name. By offering to call them back from the phone number you already have for the bank, you can verify the legitimacy of the call. (Also, if your bank really does do this, get another bank. This is a terrible practice if any bank really does do it.)