An actuary can tell you how many people between the ages of 50 and 60 will die this year. A Sicilian actuary will tell you their names.

Actuarial science uses the laws of probability and statistics to predict the possibility of things happening in the future. Much of the predictability depends on the size of the group under consideration. Generally, the larger the group, the more accurate the predictions become.

When it comes to phishing, larger numbers also work to the scammers’ advantage. A greater number of phishing emails sent means a greater number of victims hooked.

Before I go on about phishing, let’s take a step back and talk about what phishing is and how it works. The term “phishing” first appeared around 1995 and it pertained to computer scammers’ attempts to catch people in an online scam of one sort or another. Webster’s Dictionary defines phishing this way:

“A scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly.”

Phishing can be defined more broadly than this, as phishing can also be undertaken over the phone or in person. The concept of phishing relates to fishing in a lake or ocean. A person that’s fishing knows that casting a line or net will not catch all the fish in the water. But because there are a lot of fish targets, if that person fishes correctly, they are likely to catch a few.

Phishing emails

Many people have asked me why they received an email from a bank that they don’t use or had never even heard of. The answer is based on the concept of email phishing. Scammers send out large numbers of emails designed to look as if they are coming from a certain bank. They know that the emails will land in the email accounts of people who are not customers of that bank, but it doesn’t matter because the fake email will also be received by people who do bank there. When the email reaches its target and a recipient falls for the phishing scam, they might be tricked into providing their bank login credentials to the scammers. (This is called a bank account takeover. There is a separate chapter focused on this crime.)

Telephone Phishing

Telephones, both land line and mobile, are another ripe conduit for phishing by crooks. Phishing is most often used over the phone in cases where the caller is requesting money, information, or access to a person’s computer. Common examples include fake calls from the IRS, Microsoft, or a person claiming to be a grandchild in trouble.

The scammer/caller knows that many people receiving these calls will either not answer, hang up after answering, or not be scammed at all. The scammer knows that they are not going to catch every “fish” in the sea. But all they need is for a few victims to fall for the trick to get a nice return. In short, if they put out their line enough times, they will get a “catch.”

How to avoid phishing attempts

There is a very simple strategy to prevent phishing scammers from victimizing you:

BEWARE OF UNSOLICITED COMMUNICATION AND DON’T TAKE INSTRUCTIONS FROM THOSE WHO HAVE CONTACTED YOU THIS WAY UNLESS YOU HAVE VERIFIED THEIR LEGITIMACY.

Let’s take some of the examples of scams discussed in the chapter about emotions and discuss how you might go about responding.

Scam:

You receive a phone call from someone claiming to be from the Internal Revenue Service, who tells you that you are behind on your tax payments and if you don’t pay right away, you will be arrested by government agents.

Response:

If it is a recording on your answering machine, do not call the number provided. If, rather than listening to a recorded message, you are talking to a person claiming to be with the IRS, do not engage them in conversation and discontinue the phone call as soon as possible. In other words, hang up. The longer you engage, the greater the chance they could trick you. One person told me that they were not convinced by a caller claiming that they were with the IRS until the caller provided an IRS badge number to her. Really? A crook can’t make up a number on the spot? Also, don’t toy with callers because you know the call is a scam. The scammers may try to inundate you with future calls to punish you.

If you have caller ID, disregard the number associated with the call. With technology, it is very easy to spoof a phone number to make it appear as though an incoming call is coming from a number other than the real one. A crook can look up the number of the IRS and make it appear as the incoming caller’s number.

By the way, if you do have an issue with unpaid taxes, as mentioned previously in this book, the IRS will notify you by mail before you receive a phone call. If you have any concern that you owe money to the IRS, then look up their phone number and call the agency yourself using that number.

One final note on this scam: should you report the attempted scam to authorities? Don’t bother. Neither the IRS nor a law enforcement agency is going to take any action if you have not lost money to the scammers. If you did provide money to the scammers, then you should report the crime to the police and the IRS, but in most cases, it will just be added to the statistics of those who have been tricked before you, which, according to the federal government, number in the thousands of victims and hundreds of millions of dollars in losses.

Scam:

A caller claims that your computer is infected with malware. They want remote access to your computer to fix the problem. This is called a tech support scam.

Response:

Hang up the phone. It is not possible for an unsolicited caller to know anything about your computer. As with the fake IRS call, even if you know it’s a scam, you should not engage with the caller or try to have fun with them. You may end up getting more calls, which is no fun at all.

It should be noted that computers do have issues that sometimes need to be resolved by calling customer support. In some cases, the support specialist may ask you for your permission to obtain remote access to your computer, as this is the most efficient way to fix an issue in most cases. It is acceptable to provide this access when you have placed the phone call to a number that you have looked up yourself and you know that it is the correct number for the company whose support you seek.

Scam:

A caller claims to be a grandchild in trouble. Of course, this scam only applies to people who have grandchildren, more specifically, with grandchildren old enough to get in the kind of trouble that would require a grandparent’s help. Common scenarios include a grandchild who has been arrested and needs bail money or a grandchild that has been in a car accident and needs to pay a medical bill.

In any case, the “grandchild” tells the grandparent not to tell their parents and not to call them back. The caller will give the victim specific instructions on how to wire transfer money or to buy merchant gift cards or pre-paid debit cards. They will then ask the grandparent to provide the “grandchild” with the gift card number, which in effect transfers the money to the scammer.

Response:

The following advice is true no matter how much the caller may sound like a grandchild, even if the caller knows the name of your grandchild. The scammer may have obtained the name through social media or another source, or the victim may have inadvertently given the name to the caller without realizing.

After hanging up the phone, contact the grandchild that is supposedly in trouble at a phone number that you know belongs to them, even if you have been told not to call. You must verify the caller’s identity before providing money. You can also establish a passphrase or code word with grandchildren that they should use if they really do need your help.

Some have suggested that the grandparent should ask a question or two to which only an actual grandchild would know the answer. I wouldn’t recommend this strategy by itself, as a scammer can obtain lots of background information about a target on social media sites.

There is more information about these scams in other parts of the book, but I would like to close this chapter with a story about how to not become a victim of phishing. This story involves the phone, but the lesson also applies to email phishing attempts. The best way to stay safe is to always verify the identity of the person with whom you are communicating.

So, here is a very personal story that relates to that point.

I joined the FBI in 1988, and in July of that year I arrived at my first office assignment in Kansas City, Missouri. I was assigned to a white-collar crime squad, and one Friday afternoon in September 1988, an agent from our organized crime squad came over to the white-collar area. “Anybody want to go on a search warrant on Sunday morning?” he asked. “We need another person.”

As a new agent, I wanted to do everything, so I was quick to respond. “Sure, I’ll go,” I answered.

Two days later, the agent and I arrived at the home of a bookie and served the warrant, which allowed us to take any property believed to be connected to illegal gambling. I was at the bookie’s desk gathering the evidence, while the other agent was interviewing the bookie in another room.

It was a Sunday morning during football season, so something happened that one might expect at a bookie’s desk: the phone rang. I was a new agent and not sure if I should just let it ring or not, so I asked the other agent. “Go ahead and answer it,” he said.

Before I tell you what transpired next, I must digress. My father was a small business owner in Norwalk, Connecticut. He owned a Hallmark Card store and a convenience store that was named Jet Variety. As a teenager, I helped my dad around the store after school, on weekends, and during summers. On occasion, a group of men would congregate in the store after buying a newspaper called The New York Post. This paper was very popular among the men because it had an extensive sports section. Included in this section were the betting lines for games taking place on any given day. The men would come into the store on a regular basis, grab the paper, and talk to each other about what games they were going to bet on that day with their bookie. There were many occasions over the years when I overheard these men’s conversations, and I started to learn about the meaning of the betting lines. Over time, I learned the vernacular and the parlance of gambling by listening to these men.

Now, jump forward to the bookie’s house in 1988. I was at the bookie’s desk wearing my gun and badge, gathering the betting records in fulfillment of the terms of the court-ordered search warrant. When I asked the agent what to do about the ringing phone, he told me to answer it. I did.

I answered the phone as I would have under normal circumstances. “Hello.”

“Who is this?” The caller asked.

“Jeff.” I was not acting in an undercover capacity, so I told him my real name.

“This is Mike,” he said.

“Hey Mike.”

“What is the spread on the Chiefs today?” Mike asked.

I knew exactly what to tell him because the bookie’s paperwork was right in front of me. I knew how to read the lines because it was part of the jargon the men used in my dad’s store.

“The Chiefs are plus 6 ½,” I told him, reading directly from the bookie’s sheet.

“OK, gimme fifty on the Chiefs,” Mike instructed.

“You got it. Anything else, Mike?” I asked, jotting down his bet.

“That’s it for now,” he replied.

I went back to making an inventory of the bookie’s papers when the phone rang again. “Who’s this?” the caller asked. A pattern was starting to develop.

“Jeff. Who’s this?”

“Frank.”

“Hey Frank, what can I do for you?” I asked.

“What’s the over on the Vikings?” Frank asked.

Remembering this terminology from listening to the guys in my dad’s store, I looked for the Vikings on the bookie’s sheet and saw the number indicating the total number of points a bettor thought would be scored by both teams together. The bettor could place a bet that the final score would be under or over that number.

“Forty-four,” I told him.

“Give me the over for twenty-five,” Frank said.

“You got it, Frank,” I said.

“Thanks Jeff,” Frank said.

This went on for about an hour and no one asked why the regular bookie wasn’t answering the phone. That is, no one except the FBI agent at our office downtown who was listening to the bookie’s phone, as our wiretap on it was still active. I was so new in the office that he didn’t even know my name. “I was wondering what the hell was going on! Two FBI agents go in and bust the bookie, and then some other bookie named Jeff starts taking bets,” he told me later. “You sounded like a real bookie.”

The agent might have been wondering about me, but the bettors didn’t. Mostly, they just wanted to get their bets placed. One bettor was also concerned that he might not be able to collect from me if he won his bet. “Jeff, I don’t know you,” the bettor said. “But I get paid on Tuesdays. You are still gonna pay me, right?”

“Yeah, don’t worry about it.” I said.

“OK. I just want to be sure.” He then went on to tell me his name, spelling his last name out letter by letter, followed by his address, with the street also spelled out. “You’re gonna come over on Tuesday, right?” he asked.

“Oh, don’t worry. We’ll be over,” I said.

A little later a bettor called who was more circumspect than the previous callers. “Who’s this?” he asked.

“Jeff.”

“Jeff who?” the caller asked.

I really wasn’t that comfortable in this impromptu undercover role as a bookie. His question put me on the spot. I didn’t want to give him my last name and I wasn’t quick enough to make something up. I told him the truth. “Jeff with the FBI,” I said.

After saying that, I thought I would hear a click on the other end of the phone line. Instead, I heard hearty laughter. “Jeff with the FBI. That’s really funny, Jeff with the FBI,” he said, cracking up. “OK, Jeff WITH THE FBI! I want a hundred on the Chiefs,” he ordered, still laughing.

My time as an FBI bookie came to an end after about two hours of taking bets. What I learned from that experience was that I really didn’t think I could be an effective undercover agent. In this situation, I mostly told the truth. But in a real undercover case, I would have to learn to be deceptive and think quickly in potentially dangerous situations. I decided to leave the undercover work to someone else.

As it relates to phishing, it is important to make sure you know the identity of the person with whom you are communicating. Of all the people I spoke to that day as an “FBI bookie,” only one caller tried to verify my identity. Maybe it had to do with the fact that they were the ones making the phone call at a number they knew to be for their bookie.

For all of us that receive contact, it is important to always verify the identity of the communicator before we provide money, information, or access to personal property.