Consumers are growing wiser to what is considered an appropriate security protocol when they engage with an organisation, and now more than ever companies are making a point in their advertisements and on their websites that they will never ask for your password over the phone or ask you to submit account details from a link in an unwarranted email.
Hackers know that consumers are becoming more suspicious, especially when they receive an email that is littered with calls to action, encouraging them to click a link or ring a number to verify their account information.
The Double Bluff
Cyber criminals are now adapting their approach, and one tactic that we have encountered is hackers adding an extra narrative to phishing emails that implies that they are concerned about your security.
Either in the footer of the email or just below the sign-off, the hacker will put something along the lines of: “if you think you have been sent a ‘phishing’ or scam email, please don’t click any of the links in this email”. They will then either suggest you ring a phone number (which will be a fake phone number) or log into your account by clicking a link in the email to check your account details (something you have just been told not to do). These are two contradictory messages that the hacker has engineered to trick and confuse the recipient.
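A mail-filtering check for the contradiction described above, as an added example that is not part of the original article: it flags a message that warns against clicking links while also carrying links or phone numbers of its own. The phrase pattern, the function name and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Wording that tells the reader not to click links. Constructed for this
# example; a real filter would tune the phrase list on its own mail.
WARNING = re.compile(r"\b(?:do\s+not|don['’]t|never)\s+click\b[^.]{0,60}\blinks?\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Loose phone heuristic: 9 or more digits with common separators.
PHONE = re.compile(r"(?<!\d)(?:\+?\d[\d\s().-]{7,}\d)(?!\d)")

# Constructed sample message (fictitious addresses, URL and phone number).
SAMPLE = """\
From: Accounts <accounts@example.com>
To: user@example.org
Subject: Please verify your account

We noticed unusual activity. Log in at https://example.com/verify to check
your account details, or call us on 020 7946 0000.

If you think you have been sent a phishing or scam email, please don't click
any of the links in this email.
"""

def double_bluff_findings(raw_email: str) -> dict:
    """Report whether a message both warns against links and supplies contact routes."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part else ""
    warning = WARNING.search(text)
    urls = URL.findall(text)
    phones = PHONE.findall(text)
    return {
        "warning": warning.group(0) if warning else None,
        "urls": urls,
        "phones": phones,
        # The contradiction: "don't click links" alongside links or numbers to use.
        "double_bluff": bool(warning and (urls or phones)),
    }

if __name__ == "__main__":
    for key, value in double_bluff_findings(SAMPLE).items():
        print(f"{key}: {value!r}")
```

A hit is a reason to route the message for review rather than proof of phishing, since legitimate mail can also carry a security footer and a link.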
If you think an email is suspicious, do not click any links in the email or phone any numbers listed in the email. Conduct a search for the company, find a phone number on their website and ask to speak with someone who can give you information about your account. Ask if there is any record of the email communication being sent to you and give them the details of what the email includes. Ask if the number listed in the email is a legitimate number for that company. If not, it is likely that the email is a phishing email that needs to be reported.
Another option would be to search for the number listed in the email online. If the phone number isn’t legitimate, the search will not yield any results for the company's website and you might see other people listing the numbers in forums as spam.