Paul Hammant's Blog: Personal phishing protection idea (voice calls)
A phisher called me with a fake caller ID claiming to be Virgin Media. One clue that this was a phisher was from the time lag in the two way conversation. The clincher for me was the caller being unwilling to answer the question “could you provide me with a call back number please”. I can’t recall specifically, but the caller attempted to go past that question without answering. They ultimate just hung up on me without answering the question.
I asked the excellent Virgin Media online, and they agreed: a genuine VM caller would cooperate with a request for call back number or procedure:
You would say “I don not know what the callback number is”, and the caller would say “it is at the bottom of the page of the main website”. You would then say “how do I connect back with you”. The caller would respond “quote reference 234826 by voice on your keypad when prompted, but you may get back to one of my colleagues istead of me and that will be OK as they can perfectly carry on the call”.
A phisher will just hang up. Or may try to run their own script a) dissuaging you of needing to call back at all or b) giving you a long number rather than directing you to a place where you can authoritatively determine a genuine number for that call back. If the caller is the provider that is giving you the service that you are chatting on, they can probably give you a simple number like “150” to call back on. You will still need that reference number ideally.
Of course, caller-ID is meaningless in 2021. There is no teleco on earth that can guarantee it is accurate as the technology to verify it at distance was never implemented a decade back and is impossible to retrofit today especially as every call center is running VOIP (Voice Over Internet Protocol) software that needs to fake caller ID.
Others have suggested this before - it is not really my idea.