Ask LH: How Can I Be Sure A Customer Service Call Isn't A Scam?

Dear Lifehacker, I'm becoming increasingly paranoid about the phone calls I receive, even from companies I do have accounts and services with. I recently had a call from my internet provider and they asked me to confirm my identity. What should I do under these circumstances?

In this case, they asked me for my date of birth and address. I politely declined and informed them before I can give them that information they need them to prove they are in fact my service provider. I asked them to tell me my account number or at least partial digits of it. They were unable to tell me this information without me first proving who I was. So after this there was silence for 15 seconds and I suggested they email or write to me if there was an issue.

Was there any other way to resolve this issue? How can I get the companies I hold accounts with to prove they are who they say they are?

Thanks Cautious Caller

Image courtesy of Shutterstock

Dear CC,

You're right to be cautious. Scam calls are rife. Even though there was a major bust of one operation responsible for fake Microsoft support calls last month, that doesn't mean the problem is going to go away. We've had reports from readers that similar calls are still coming in.

While asking for your account number seems like a reasonable method of verification, we don't recommend it. Systems get hacked and account details leak.

For incoming calls claiming to be from your phone company, bank, electricity provider or any other organisation, the best approach is the simplest: don't give out any personal information whatsoever, and don't ask them to prove their identity either. Instead, ask them for a phone number you can call back on, and a reference number if they're calling about a specific issue. If the call is genuinely from your provider, they will definitely be able to provide the phone number, and chances are there will also be a reference number.

If they don't want to provide a number to call back on, don't waste time on the conversation. Simply hang up. The caller will either be a scammer or a third-party sales organisation whose only aim is to sell you other products or upgrades (in which case the caller doesn't want whoever answers the phone getting commission). Either way, you don't need to waste time on them.

If you are provided with a phone number, don't call back straight away. Go online and check if that's actually a phone number associated with the organisation. A simple Google search will often suffice. If you have any doubts at all, go direct to the relevant company web site and look up the general contact number, and use that instead.

If you've made the call yourself, supplying details to confirm your identity shouldn't be a risk. For an incoming call, it's something you should never do.

Cheers Lifehacker

Got your own question you want to put to Lifehacker? Send it using our contact tab on the right.


Comments

    Do companies even cold call for things that arent sales/advertising etc anymore, i can honestly say in the past 3-4 years ive never gotten a call from a company, where i have an account, that was for anything other then a sales push

      Quite a few places will get in touch with you if you have a dishonoured payment.

      I've often had calls from companies for "customer feedback". Of course they're fishing for something they can turn into sales in the long term (aren't all companies?), but I've never had the phone calls turn into sales there and then.

      Cold calling is calling potential customers that don't have any connections with the company.

      Obviously there are marketing calls from companies that you hold existing accounts with but these aren't classified as cold calls.

      Generally if a company calls you and asks for your details, it's usually a collections call; meaning your account has fallen behind. The reason most companies do this is due to the Privacy Act.

    In the UK, it may be true here, if someone calls you on a land-line and you hang up, if the caller doesn't hang-up then the connection stays open.

    The upshot of this is, the scammer can tell a suspicious person to "go get your credit card and call the number that is on the back of the card" (or your last bill or whatever). The person can do just that assuming they are safe but they are simply talking on the same line the scammer is patiently waiting on, not making a new call at all.

    This has become so elegant a scam in recent years, the scammer even plays a "dial tone" recording until you actual start to "dial" your bank.

    The rotters.

      "The person can do just that assuming they are safe but they are simply talking on the same line the scammer is patiently waiting on, not making a new call at all."

      This doesn't work with mobile phones. I don't even know why people bother with landlines these days..

        "This doesn't work with mobile phones. I don't even know why people bother with landlines these days.."

        Vodafone.

        It's much easier to teach very young children how to use a landline in an emergency than it is to teach them to use a mobile phone - which also could be anywhere in the house at the time the emergency happens.

    Yup.. call them back. I always do this. As per the article, if they're genuine they should have no issue with this and will be able to provide you with details to contact them back. However, I would be hesitant to call them back on the number they provide, especially if the first 3 digits (after the area code) is 800, these are Skype numbers. :) Just look their number up on whitepages or their official website and call that number instead.

    Working for an Insurance company, we have contact the customer immediately if we notice something incorrect on the policy. The number of times I have had paranoid Grannies refuse to confirm 3 points of I.D. (Full name, DOB and address) is ridiculous. I understand that there are con artists out there, but without that information we can't confirm any details or reveal anything about the policy with the policy holder being fully identified which in cases can mean they are out of cover.

    Sure you can request a number to call back on, but you are not going to get that same consultant with the way our phones work, which means frustration for the customer when they get a consultant who has no idea what the customer is talking about.

      I'd argue that's a flaw in your systems. Why wouldn't there be a note on the customer record explaining details need to be confirmed?

        I agree it is a flaw, and it does cause a lot of head aches. But unfortunately this is just how the system is and I don't see that changing any time soon. To put our IT department into perspective they just sent an email around a month ago how we will be upgrading our browsers from IE6 to a "more modern browser" IE7...

        I agree; surely the customer can just call you guys back for peace of mind and quote a reference number and be up to where you guys left them at the end of the first call?

          The problem being say if I contact the customer about a particular issue, I am familiar with the issue and know what needs to be done. If they request to call back, we can't guarantee that the other consultant will know what needs to be done and especially dealing with Insurance, if we give incorrect information to the customer things can get very hairy very quickly. There is also the problem of hold times, I have seen in busy periods (EOFY) queues of up to 1 hour for the service line and up to 8 hours for the claims line just after a major event. By the time the customer gets through, the consultant may no longer be available to handle the call and again this cause frustration for the customer.

            An insurance company - right? Policies have numbers - right? And you have no capacity to make a file note on the issue you are familiar with?
            Sounds like a scam to me.

              Yes we do, but not all consultants are authorised to discuss the initial issue, resulting in multiple transfers to get through to the correct person. It is simply not efficient with the current set up and why we prefer to handle customer concerns when we call back.

      Paranoid Grannies are great! The elderly are often the hardest to convince a scam is taking place and some of the most likely to be taken advantage of.

      Angus, as an addendum to your scheme. I would enforce that the phone number be listed on the white or yellow pages directories. Or better yet, ask if you can dial the number listed on your bills or other existing correspondence. Googling for sites is likely to run in scam or phising websites ;)

      Why are you confirming their ID if YOU are calling THEM?

      This is the thing I don't understand about the process. If they were calling you, fine.. you need to ID them.. but if you are initiating the call to an established contact number they have provided you, that has been verified.. why are you asking them to disclose identification details that can easily be used to defraud people?

        i agree completely unfortunately companies are so scared of being sued when they aren't in the wrong these days that they must do these ridiculous things just to cover arse

          It is a security issue, that is why we do it to keep in line with the Privacy Act.

        Because what is stopping a consultant calling through on a old number that the customer hasn't updated in the system. All of a sudden we are discussing your personal information with some random. It is for security reasons to put it simply.

          I work in fraud prevention, so I always end up seeing both sides of these things.. :)

          I guess if you're handing out information, you need to make sure they are them.. I would just be nice if there was a way to do it without compromising consumer security (way of thinking is educated by company that leads to them disclosing to a fraud call at later time) instead of it being about the company's security.

            In an ideal world, there would be a central database of contact information that all companies could access providing they had a customer of interest so the information was always up to date and we wouldn't have to confirm any silly details :).

      Calling your customers ridiculous for following good practice in dealing with cold calls asking for personal information, then blaming your systems is pathetic.

      Next you'll tell us it's the customer's fault for needing to call you anyway.

      God help Australia when people with your thinking get into management or control any handling of customer data.

      There are dozens of better business practices you could apply in your situation than cold call outbounding.

        It is the quickest way to fix a problem to simply get in contact with the customer. With a recent system issue in regards to CTP we were able to contact 30% of the affected customers within 24 hours and have the issues fixed. The other 70% didn't have correct contact information in the system (hence confirming the identity when we do call an old number) or decided we were trying to scam them. The customers in the latter category are then the customer that call up 7 days later when they receive documentation from us complaining that we should have got in contact sooner.

    my favourite "gotcha!" moment was with dealing with guys who actually were on my doorstep, saying something about being from the gas company and us not being on the cheaper deal, and they could work it out by me getting any gas bill to show them. I asked them "so what gas company are we with?" "Errr...." Obviously with those tech calls they claim Microsoft or Apple, but for ISP or energy provider, it's more of a stab in the dark.

    I won't call back companies. Why waste my money calling them? There are ways they could identify themselves as well as identifying myself (challenge response questions for example), which for whatever reason they choose not to bother implementing. I don't see why I should give them my time and money when they can't help themselves.

      I agree fully. I don't need the cost or time involved in calling back - but I feel very uncomfortable providing info that could easily be used to assume an identity unless I am happy with the way a third party would secure that information. I can't give a random caller with a blocked number that trust. A pre determined 'Challenge Response' senario could be a workable solution...

      Heh, this has made me think of a particular quirk of mine. I have a phrase that I came up with in my youth such that I would tell it to myself in the event that I ever invented (or obtained use of) a time machine so I would know it was really me.

      Back on topic - I agree with you that it's a wasted effort trying to differential the scammers from marketers (either way, why waste time speaking with them). I think the challenge-response would be a good way to identify a company cold calling you, potentially avoiding the 'bambalam' scenario detailed above.

    Some are very obvious.

    Last year I had a call that went like this "Hello. My name's Stephen calling from your bank. We're currently conducting random security checks. We just need you to provide your full name, credit card number and expiry date please so we can check they match our records" - And yes they said "your bank", not the name of the bank I'm with.

    I'm sure they fooled no one.

    What a lot of people don't seem to realise (perhaps Angus included) is that it is a breach of the privacy act in Australia to discuss account details WITHOUT confirming the identity of the person, be it a call to them or from them, this does not affect the requirements.
    Whether you want to, think you should, or however you feel about this - regardless, this is why.

      It is a breach of stupidity to provide personal information to a cold caller.

      We know the law, the persistence from service call centre staff that customers should just ignore good practice so they can close their task is just pathetic.

    Just a idea*shoot me down if necessary*
    Is there any way of making a new caller ID system? as in registered business's names appear after phone number,wherein they can only have listed numbers registored to that business so no duplicates can be made eg @telstra and no others allowed to be made with this callsign.
    Or am i in the world of fantasy?

    Simple. Just provide a call back number, plus a reference number, and list that number on your web site. e.g. company.com/callback/department247

    If you don't want that number to be public, just password protect the page and and give out the password when calling.

    Blaming customers for being "paranoid" just doesn't cut it. In fact customers who aren't paranoid are far more of a liability for companies these days.

    I received a Virgin Mobile service call last month. I had the same hesitation giving my info and not really knowing if it was them. When the guy on the phone actually got to the point of repeating my pin number back to me, I believed that it was really a Virgin rep. But that was the only way I was going to believe him, and then I felt really uncomfortable that he gave me my pin. Catch 22!

Join the discussion!

Trending Stories Right Now