How do I deal with companies that call and ask for personal information?

Question

Several times I get a phone call from a company- my bank, utility companies etc. Many times they are just cold calling me, but once or twice they were calling for legitimate reasons (ie, something to do with my account).

The problem is, all these companies ask you to confirm your personal details, like date of birth. Now I have no way of knowing if the person calling me is the real company, or some phisher (because even if the call isn't from a blocked number, it's just a number and I have no way of knowing who owns it).

Usually, when they ask me to ask for personal details to prove my identity, I tell them since they called, they should prove their identity.

At this point they usually get irate and warn me they cannot go ahead for security reasons. Now I don't want to miss out on important calls, but neither do I want to give out my personal info to anyone who manages to find my phone number.

Is there a proper way to deal with such calls?

I usually don't take their calls. I will just call them back on their official contact number and mention that an individual was trying to reach me. They will usually have notes on why they were calling you. — Rowell, Feb 05 '13 at 20:24
Rowell is entirely correct. I have done this multiple times for contacts from my credit card company, and I have had people do this same thing to me when I have cold-called them. It should be standard practice for customers, and companies should have procedures to handle it. — Jonathan Garber, Feb 05 '13 at 21:40
I have NEVER been asked to confirm my identity when my bank and other business contacts call me. They are calling you on the number they have file, its safe to assume, you are the account holder. Besides they shouldn't be giving out ANY personal information over the phone thats what a physical letter is for. If they are giving out identify information over the phone then I stop doing business with them. Besides most of the time I let them leave a voice message. If its urgent there is paper statements, email, and text messages. — Ramhound, Feb 06 '13 at 12:21
The problem with calling back is that I end up in a one hour waiting queue being told every 20 seconds that someone will soon be with me. — MPS, Nov 26 '18 at 05:46
Some companies like my bank you can call via an app which has a specific number to ring with tones that authenticate you. It's faster and saves time but yes you still have to wait. Perhaps you can authentic with a shared secret which you partially reveal. — Darryn Brisdaz, Jul 19 '22 at 22:39

score 66 · Accepted Answer · answered Feb 04 '13 at 16:56

66

I react exactly the same as you- I first ask them to authenticate themselves to me, after all, they called me. If they can't or won't I tell them that I will call my bank manager/utility rep/whatever and that if this is an official message I should be able to receive it after authenticating the usual way.

Don't give in to them- they need motivation to start doing this right.

answered Feb 04 '13 at 16:56

Rory Alsop

61,367
12
115
320

It would be nice if there were some links to government policies about such things. I get told, "It's our policy", which is nonsense, because their policy is whatever they make up. The reality is that their ACAD systems often dial the wrong number, and they are trying to cover their asses. – mcr Sep 05 '20 at 15:12
1

Government are not going to be the best to define such things. Typically they are well behind the curve (exceptions being their intelligence agencies) – Rory Alsop Sep 06 '20 at 16:09

score 29 · Answer 2 · answered Feb 04 '13 at 16:39

29

I generally ask that they give me a call back number so that I can validate their identity. If they give you the number, tell them you will call them back momentarily at that number and validate that it is a number for the company they claim to be. If they get irate, ask to speak to a supervisor, if they still won't play ball, hang up on them and call the company they claim to be and ask about the call. If the call was legit, they should be able to let you know what it was about, if it was not, then it is good for the company being imitated to know so that they can warn their customers.

Never give out information that could be used to validate your identity without first validating the caller and generally the only way to safely do that (for both of you) is to initiate the call to them.

answered Feb 04 '13 at 16:39

AJ Henderson

41,816
5
63
110

6

There's no reason to trust the number they give you before they authenticate themselves. Ask them for a way to navigate the phone tree from a known public number for the company, instead. – TREE Feb 04 '13 at 20:58
1

@TREE - right, if I wasn't clear, you should validate the phone number before calling it back. If you can't find a way to validate it, then call the main number and try to validate the number with the company that way. – AJ Henderson Feb 04 '13 at 21:00
Phishers may leave the line open after requesting you to call back. This means they will receive the call regardless of where you think you are dialling. To avoid this, call back on a different line or wait sufficient time that they will have given up. – David Marshall Feb 04 '13 at 21:30
2

@DavidMarshall - Interesting, I was not aware that there were any phone systems currently in use that didn't process a line termination. If this is a risk in your area, then just call a known number that isn't them and see if you get the expected answer. – AJ Henderson Feb 04 '13 at 21:36
@DavidMarshall - apparently it does happen on some US phone lines too after I did a little research, though it does sounds like VOIP and Cellular should disconnect immediately. That's a very interesting piece of trivia though. – AJ Henderson Feb 04 '13 at 21:43
5

@AJHenderson In the UK landline calls are only terminated when the originator hangs up. There have been frauds reported recently where the caller claims to be a police officer from the Fraud Squad dealing with misuse of the callee's credit card. He invites the victim to ring the emergency number 999 to verify his identity. Subsequently the victim is persuaded to enter their card number and PIN on the phone keypad. In some cases a courier is even sent to collect the card. – David Marshall Feb 04 '13 at 21:45
4

@DavidMarshall - you Europeans get all the fun scams first. All they come up with over here are e-mails for male enlargement and "Canadian" pharmaceuticals. – AJ Henderson Feb 04 '13 at 21:49

score 11 · Answer 3 · answered Feb 04 '13 at 22:02

Firstly, you are the customer. Getting irate at customers is bad business practice, so real banks train their operators not to act that way (the only companies who can afford to shout at customers are companies who are in the fear management business, i.e. the Mafia, non-democratic governments, and televangelists).

Secondly, banks train their customers to never, ever give personal details to unsolicited phone callers (or, for that matter, by email). Genuine bank operators, and good impersonators, know that -- the latter will thus have a handy story to cover that, and that story may be entertaining. This is the only point which justifies keeping on with the conversation; otherwise, it is just a waste of time and the only sane response is to just hang up.

If you are anxious about missing an "important phone call" from a bank or utility company, then tell them that you will call back in five minutes -- and five minutes later, you call them back, with the real phone number, not any number they gave you. If it is important, they'll still be there. And in that case, you will know that they have very sloppy security procedures and you will be entitled to shout and scream and threaten -- remember, you are the customer. That's your job.

score 1 · Answer 4 · answered Dec 22 '13 at 05:35

Just don't give them any information. Tell them that as you know they want to get in touch you will call the bank or go in and see them in person rather than deal with them on the phone. If they get irate just hang up you have every right to protect your privacy.

You could call your branch and get your branch to verify the number they have called on .. but then why not deal with it while you are on the phone to your branch.

Something to keep in mind is there is currently a SCAM going around where they will call you and ask you for your verification details etc. When you ask for their verification they will give you a branch number to call or tell you to call the lost number on the back of your card.

You then hang up and pick up the phone again to call the number. As they called you they can hold the phone line open (on landlines anyway) so when you pick the phone up to call the branch number you are still connected to the original caller (as they did not hang up). They hear you dialing the numbers and simply answer pretending to be the bank and of course will say everything is fine and to proceed.

So remember to check for a Dial Tone (hope they are not playing a dial-tone down the like to you). Better still ring a friend or the talking clock before you call your branch.

Any way the conclusion is just don't give out any info if its serious they will just ask you to call into your local branch or send you a letter.

score 1 · Answer 5 · answered Apr 07 '15 at 17:02

I give them grief over the hypocrisy of calling me and trying "to verify information", explaining the situation, and then tell them I have no way of verifying who they are. Sometimes they understand, sometimes they have no idea what I am talking about.

If I thought the call was important, I would call back on the published number and carry on my business.

If I thought it was a scam or doubted the authenticity of the call, I would drop it like it was hot.

score -3 · Answer 6 · answered Feb 05 '13 at 19:59

-3

i usually ask them to contact me via mail or email they already have on file.

answered Feb 05 '13 at 19:59

rvh

1

2

Though if they already have your phone number, it might not be a great stretch of the imagination that they could also have your e-mail address and could send a bogus e-mail as well. Same goes for most addresses if they are dedicated enough to pay postage. – AJ Henderson Feb 05 '13 at 20:59
2

@AJHenderson - Of course in most case these scam phone calls are cold calls. Just look at all the calls `Microsoft Technical Support` make to people. ( That company actually does exist btw but has no connection to Microsoft ). Microsoft WILL NOT call you about your infected Windows computer. – Ramhound Feb 06 '13 at 12:28
1

@Ramhound - there are two kinds of calls, one is cold calling where the scam is the point of the call. The other is phishing where it is more targeted and they are trying to get information to go after someone's account. In the latter case, they would have some information already that they are trying to fill out. But yes, it might help some cases. Also +1 for mentioning the "Microsoft" guys, I get calls for that scam fairly regularly. Since I'm a software developer, I enjoy getting hours of entertainment wasting their time asking non-sensical questions and see how they try to respond. :) – AJ Henderson Feb 06 '13 at 14:03

How do I deal with companies that call and ask for personal information?

6 Answers6