I'm a security editor and here's how I stopped a phishing attempt 1,900 miles away from home


Recently, I took a vacation to visit my husband's family on a tropical island. It's a far cry from our home in New England: We left chilly fall temperatures and leaves turning golden hues of oranges, yellows and browns and flew roughly 1,900 miles away to Puerto Rico, where the temperatures never went below 80 and everyone wondered why I had brought my hoodie.

A few days into our trip, I was tending to our children upstairs when my husband asked for my attention urgently downstairs. His step-mother was on hold on the phone. "Someone from T-Mobile has called me," she said, "and he's told me that someone has purchased four iPhone 17's on my account. He needs to send me a code to verify in order to stop the purchase. But it doesn't sound right."

"Oh it's not," I told her. "That's a scam. They're trying to access your phone and steal your account, all your personal information, or both. Hang up, don't give them anything."

This type of vishing or phishing scam isn't new. A quick Google search for "iPhone purchase scam" will show you just how common it is – and I was able to find results going back as far as 2020. A hacker or scammer will call, say that someone has made an exorbitant purchase with your account and they need to send you a code or otherwise access your account in order to stop or reverse the charges.

They're looking to either gain personal information like credit card details, or get you to download an app, which will provide them remote access to your phone. Either way, they get control over your accounts: bank accounts, Apple ID, cloud accounts, social media, or they get remote control over your entire device, meaning they can download malware, keyloggers and more.

My husband's step-mother did what I recommended – she hung up on the scam call, then called T-Mobile customer support directly from a number she had on a bill to verify that nothing suspicious had shown up on her account and to report the fraud attempt to them.

It was all fine in the end, but it was a pretty close call for a few minutes there.

What went right during this phishing attempt


Here are the things she did right that saved her from getting phished:

  • She listened to her gut: Even before she talked to me, she knew there was something wrong with the call and the caller. His accent sounded wrong, she told me, and she also said he didn't sound like the typical interaction she had with T-Mobile customer support. It just didn't feel right, and she listened to that feeling.
  • She didn’t allow herself to be rushed by the situation: Despite having company at her home, as well as a few extra kids running around creating noise and chaos, she slowed the situation down by putting the caller on hold. She didn't allow herself to get distracted or let herself get pressured into accepting the code and advancing the transaction.
  • She confirmed with an expert: She knew she had a resource in the house she could verify the situation with, but it would have been just as easy to check Google to see if it was legitimate or to check the caller's number, or her account, from a different device.
  • She locked down her accounts independently: After the event was over, she made sure to go back through legitimate channels to make sure that they were unaffected and to alert the appropriate companies about the fraud attempt.

How to stay safe from phishing scams


If you're worried about dealing with something like this yourself or want to help your relatives stay safe from phishing attempts over the phone, there are a few key things to keep in mind.

Just like with most online scams, this one uses a sense of urgency to get you to act quickly. By keeping a level head and not letting your emotions get the best of you, you're much less likely to fall for a phishing scam like the one described above.

Given how rarely many people communicate via phone calls these days, an unexpected one can certainly throw you for a loop, especially if the scammer is able to spoof the company they're impersonating. For this reason, you can ask a few key questions to determine whether or not you're dealing with a vishing attempt. Ask the person on the other end of the phone where they're located and get them to describe it. If you've been there before, it's easy to tell whether or not someone is lying, but like my husband's step-mother did, you should trust your gut.

Since it's easy to get tricked and fall for a scam like this one, the best offense is a good defense and there's no better protection than investing in one of the best identity theft protection services.

Unlike the best antivirus software, which is designed to stop malware and other viruses before they infect your devices, identity theft protection helps you pick up the pieces and get your life back together after an attack. Whether you had money stolen from your financial accounts or, worse, your Social Security number, the experts at these services can help you regain your identity, and the identity theft insurance that comes with your subscription is there to help you recover lost funds.

Finally, remember the old adage: knowledge is power. By continually educating yourself by reading about the latest scams and malware campaigns, you'll know the signs to look out for, which will make it much less likely that you end up falling for one.


Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
