About 10:00pm I received a phone call from a local phone number that I didn’t recognize.  It appeared to be legitimate, because the phone number was from a neighboring town and it was much later in the evening that the typical telemarketer calls, I receive.

I picked it up and they asked for a family member by first name.  They didn’t identify themselves and were quite vague on asking questions.  After some direct questioning I was able to ascertain who they were looking for.  Upon direct questioning they identified as representatives of the local hospital emergency department. 

As a trained cyber-security professional this sent up many red flags.  I told them I would get in contact with the family member they were trying to reach and have them call back.  They offered a phone number, but I already knew I would not trust the caller ID nor any phone number they gave me. 

I contacted my family member, confirmed they were safe along with other loved ones.  I told them to contact the hospital on a phone number I verified as legitimate.  When they called the hospital, it turned out to be a legitimate call, but a wrong number.  It just so happened to be that the wrong number also shared a first name and a similar sounding last name to my family member.

I took this as a perfect opportunity to educate my mother why I was so skeptical and told her some key concepts with dealing with this type of call.  I’ll include my bullet points below:

1. Never volunteer any information, make the caller identify themselves
2. Before giving any sensitive information, call them back on a known, legitimate phone number.  I usually use their corporate webpage, but in banking you can use the phone number on the back of your card.

Although this was a simple case of an incorrect phone number, I thought this was a great case study on how to handle a sensitive phone call from an unknown number.

Stay safe out there!