Gretchen received a call on her cell phone this morning from a woman who claimed to be calling from our mortgage Company. This was not a legitimate call. It was "phone phishing", which is an attempt at identity theft. Phone phishing is using a phone call to obtain a person’s personal, financial, or password data.
This caller had Gretchen’s first name and the amount of the mortgage payment and she kept insisting that a mortgage payment was overdue.
The giveaway was that the payment was not due yet and she kept asking for our address information and home phone number which the mortgage company already has. Gretchen refused to give her any information on the basis that a person calling from the company would have all of the information this woman was asking for.
The woman had a heavy Hispanic accent, spoke poor English and was operating in some sort of "boiler room" environment where other people could be heard calling in the background.
Gretchen finally hung up on the woman who persisted until the last second trying to get more information about us.
Identity theft operators are getting more aggressive all the time. As consumers become wise to email scams, these criminals are changing their business model and are now using personal phone calls.
In the past we routinely got fake email "reminders" from people pretending to be PayPal, Ebay, and credit card companies. These emails asked us to confirm our account numbers or security codes because our accounts were being cancelled or are being suspended.
This is the first of the phone versions of this scam we have encountered, but I fear it is not the last.
In this case, I think that the phisher may have gained access to actual mortgage company information. The woman could have gained access to this data from a helpful customer service rep at the mortgage company. Oh yes, one of the ploys is for someone to call a company and pretend to be you and get enough data about you to get more data elsewhere.
To be safe, when someone calls from a company and wants personal data to verify ANYTHING, hang up and call the company directly using the number on your bill and talk to customer service yourself. Report the incident and if it reoccurs, change companies because someone may be leaking your data to outsiders.