2025 August 5 Stay safe from the phishers

You can view the original Facebook LIVE here.

Hi, this is Jim Cranston from 7EveryMinute and 7EveryMinute.com, the podcast and website about reimagining your life. Thanks for joining me today to talk about a public service announcement regarding new and improved phishing techniques—ways scammers try to steal your personal and banking information.

If you like what you hear today, please leave a like, subscribe, tell your friends, or send me a message.

I had planned to talk about my experience of being away for three weeks with essentially zero social media—and the almost panic it seemed to cause in the algorithms, which were sending me literally dozens of notices a day until I finally silenced them all. They were just nonstop: "Wait, did you see what this person did?" On and on. Literally more than three or four or five notifications an hour.

Instead, we'll be talking about some advanced phishing techniques and what to watch out for. Phishing is a type of social engineering where someone convinces you they're in a position of authority or knowledge and they need your help to prevent some sort of fraudulent action—usually involving money. But in reality, what they're trying to do is steal the very information they're claiming to protect.

This came out of the blue this afternoon while I was walking my very excited dog, who I'd just picked up from about three weeks in the kennel. It was all very well done, actually—with a few bloopers that helped give it away. Honestly, I caught it partly because I'm used to listening for inconsistencies due to the nature of my day job. As an engineer working on big projects, I always have subcontractors trying to use little weasel words and slip things through. I'm used to listening for inconsistencies.

Plus, I was very distracted—walking near a river with my excited dog—and, quite unusually, I had nothing to write on. I had a pen, but nothing to write on. So I ended up writing all the information on my arm, which added more pressure to comply with this call.

So I get this call from the Chase Bank fraud department—but with a local area code—and that was an immediate major red flag. Most fraud departments essentially never operate out of a local office. This was later explained as being done so people will know that it's legitimate. In reality, it's also done because it's far easier to spoof or fake a local number than it is a big international or toll-free number.

I did look up the number. It was a Chase Bank locally—but still, that made no sense. So I was already a little bit on edge with the whole situation.

Then I'm told that my Chase savings account—the one tied to my Zelle account—may have been compromised. That was the second big red flag. My only Chase product is not a savings account. This was explained away as, "Well, the bad people have already compromised all your Chase accounts," presumably including the ones I don't actually have.

Then I'm told I have to give Zelle a call to cancel the two fraudulent transactions that were identified. Only I can call Zelle and give the cancellation numbers that he had just given me—because Chase can't do it, since it's a Zelle transaction. Which is the third huge problem. Any bank or credit card issuer can stop any fraudulent transaction immediately. No need to talk to the vendor presenting the fraudulent transaction.

This was justified since it was a separate vendor—other than the bank—who presented the transaction. Kind of like every other transaction they process and monitor every day, such as grocery stores, department stores, Amazon, etc. The reality is, the bank can immediately stop any transaction they want to if they consider it fraudulent or even at risk of being fraudulent.

But then—he connects me right to Zelle. How lucky for me.

So we go to Zelle, and the Zelle woman is, again, very professional and could readily tell me my phone number and address. The first is pretty obvious—they called me. The second probably cost them somewhere between ten cents and free on the open internet. No great security breakthrough there.

When I tell her that I've never had a Chase product tied to Zelle, she gets very concerned—because they've clearly tied my non-existent Chase account to the bank that was used for my Zelle transactions. "Let me check," she says. "Can you give me the name of any other banks and types of accounts you may have tied to Zelle?"

I'd been hesitant up to that point. Nothing was making clear sense, and I'd been looking up the phone numbers as they were being displayed or given to me. They all came back as either known spam, phishing numbers, or high-risk scam indicators. The callback number the nice woman gave me came back as a known Zelle phishing and fraudulent scam number.

Pretty nice. I told her I'd call her back in a few minutes. Then I called Chase directly and spoke with the delightful Latina in the fraud department, who checked my account, said there was no questionable activity—and most especially nothing to do with Zelle. She asked me to please report the whole thing to [email protected], and I'm going to share that because I was happy to see [email protected].

It made me feel a little better that Chase is actually tracking this stuff—and that they're interested to see what techniques are being used out there. So, if you have a Chase account and somebody identifies themselves as Chase and it's not legit, that's the email. [email protected].

It also made me realize that probably other places have that now too—some way to report phishing. I thought that was a pretty useful piece of information, and right after this, I am going to write to them and give them all the details.

Like I said, it was a pretty slick operation. I could see them having a pretty good success rate—even with fairly tech-savvy people. The whole transfer from one person to the other, and everything else. Different background noises in the two calls—probably both working from home. Nice little side job ripping people off.

But some super big, important points came out of this whole thing. This was a pretty slick two-party operation with escalation between the groups, and knowledge of what each party had said—making it all sound quite official. Like you're really talking to a bank, and they're working with Zelle to try and put an end to this.

Plus, if you were already flustered—they were talking about a pair of transactions totaling $5,000—it'd be easy to mistake their confidence for credibility. There was never any hesitancy in anything they said. And they weren't super pushy—but it was urgent. Very urgent.

It was also very telling that the crook—the one I could identify by name—had a name that was similar to a common name in the country I had just returned from. That may have been a coincidence, but I suspect it was based on recent knowledge of my activities. Do not underestimate the ability of thieves to gather recent knowledge about your life.

If you've had anything questionable happen to your social media account—this happened to a friend of mine, and I've talked about it before. As it turns out, she speaks Spanish as one of her languages. They had people read back through her entire account—months worth of posts—within an hour or so. They found everything that had happened and put together an amazing cover story that they then used to message other people.

They told them some recent information in her life—something that happened to involve me—and claimed she needed these people to send money to help me out. This all happened in under an hour. They went back, read everything—not in English, not in whatever country they were from, but in Spanish. They pieced together this whole story and sent it out, and people panicked. It obviously looked like her—it had all this personal information.

Don't be fooled. Don't underestimate how much information they can gather about you in minutes—if not less than an hour. It was an amazing amount of detail, and I would not be the least bit surprised if someone in the area I had just been in has a little side job passing this information along to various people.

And they can then use that as part of a compelling story to convince you that something illegal is happening with your accounts. If you can't do independent checks on the information they're giving you, don't be bashful about telling them that you will not be providing any information until you can verify who they are.

This is super important: ask for callback numbers—and check them as they give them to you. As the lovely Sierra was telling me how I could reach her back, I was typing that number into Google—which came back as a major spam alert. It claimed to be Chase Bank—which it was not—or Zelle—which it was also not.

Just be very proactive about moving ahead if there are any inconsistencies at all. Don't tell them about the inconsistencies—which I mistakenly did—instead, say you need time to call your bank's fraud department. Although, in my case, it worked out pretty well, since their responses just made it more obvious they were lying.

Do call your bank directly. If they say, "Well, no, you already have the fraud department," then say, "Great. File a case number—we'll pick it up with another person." You really have to be persistent and proactive.

Remember, although it sounds very scary, if your bank or credit card company—or whoever—is doing their job, they'll already be on top of the fraud. And they'll show that there was a fraud call made to you. And if you call back and say, "I want to talk to someone in the fraud department," they'll ask you, "Did you get a call from our fraud department?"

If they don't ask you that, chances are the first person who called you wasn't from the fraud department.

So finally—do call your bank. And once it's confirmed that the original call was phishing for more accurate information, file a report with your bank so they can better intervene and help save others from getting ripped off.

I can't overstate how well done this call was. It sounded very professional. Nobody was in a panic. It wasn't like one of those old-style, bad phishing calls, where it's kind of like, "You have to do this right away—we need money. Your son's best friend was in a car accident and the hospital won't take him unless you send $5,000 right now."

There was none of that. This was all "We're trying to help you. We're trying to help you, Mr. Cranston. This is an urgent issue."

"You don't have to talk to us right now, but if Zelle processes that transaction, that money is gone." Which is also false. But nonetheless, there was this subtle pressure to act.

Don't give in to the pressure. Step back. Say, "I have to call my bank. I have to call my credit card company. I have to call my accountant"—whatever it is. Just say, "Give me a callback number. I'll call you right back."

If it's legitimate, they'll do that. If it's not, then it's probably just a phishing call trying to get banking information from you.

So always be extra careful about giving any financial information to any unknown caller. And remember, it's pretty easy for people to create fake telephone numbers that look completely real.

The number they called me on actually is the phone number for a local branch of Chase. And Chase was very interested that that's the number that appeared on my screen. Because they can stop that with the FCC—it's illegal to do that. And that's a big piece of information for Chase.

Don't just say, "I'm not going to file a report—it's not worth it." Do file the reports. It helps other people, and it helps stop that sort of thing.

But when you first look at it, you think, "Oh my gosh, Chase Bank—the guy says he's from Chase. I have a Chase product. This must be Chase." Just slow down and say, "Why is a local branch calling me? I don't even bank at that branch."

And again—be aware of any inconsistencies. I also immediately tried to call my local office, by the way, to see if they had a local fraud department that had tried to contact me. But of course, the scam happened right after the local office closed for the night—which I kind of figured was the case.

Don't be bashful about trying to check these things out. They are trying to steal your banking information, and once they do, it's a real mess to fix.

Also, if you've ever had any experiences with banking providers about actual or possible fraud, remember how they acted. The bank probably didn't ask for things like your full account number or login credentials. At most, they might've asked for the last four digits of your credit card or account number—or even just the last three, which some institutions now use.

They'll also usually be able to tell you something specific—a recent transaction, a detail about your account. That's how you know it's really them.

I deal a lot with American Express—I've used them for many, many years—mostly because they have incredible, just wonderful fraud detection. And their fraud group is outstanding. They'll verify it's really me by setting up a second call—one that I initiate—to confirm that they're actually talking to me. Then they'll give me transaction details—things I know—to prove that they know who I am and that it really is Amex on the line.

They take other steps too. I'm not going to go into all of them, but they take some pretty good steps to confirm identities both ways—without revealing any confidential information.

My little phishing buddies, though? They could only tell me public information and general account-type stuff—nothing like actual partial account numbers or real transaction history. So be careful. Be calm. Don't be pressured.

They'll tell you it's urgent—but in reality, any financial service that's really your financial service can always immediately decline a suspected fraudulent transaction—with or without your help.

Especially in this case, I had already verbally told them—both those transactions were not mine. I've had no large transactions, no even amounts—absolutely fraud. If those were real, they could've nuked the transactions instantly. They didn't need me to talk to someone else.

If you're unsure how your credit card company or bank would act, don't be bashful—just pick up the phone and call them. Say, "I need to talk to somebody about what sort of information you might ask me if there was a real fraud call going on—because I think I just had a phishing phone call. What would you ask me, and what would you not ask me?"

And also, "What questions could I ask you to confirm that it's really you?" Ask if they have an information page or documentation about what to expect if they ever contact you about fraud.

Billions of dollars are stolen every year—actually, it's probably trillions at this point—and most of it through very authentic-sounding phishing calls. They may establish credibility by providing what's actually pretty available information, like your home address.

Or, if it was from a social media account break-in of some sort—like I mentioned earlier—they'll reference personal information in detail that'll make your head spin. They know more about you than you know about you, in most cases. And they'll use that to build credibility.

Again—just be calm. Tell them you need to confirm with your financial provider. You're going to contact them directly. Take any information they give you, hang up, call your bank, and be glad they didn't trick you or pressure you into doing something foolish.

There's a lot more AI being used these days—and the new AI engines can search the internet, dig through data, and find out things about you that you forgot even happened. They can find pictures of you and see that you were somewhere recently—maybe you just took a trip to Florida or went to Disney World. And the phishers—the people doing these calls—can say things like, "Well, on your recent trip to Disney, did you do any large cash transfers? Maybe to pay for things?"

Again—don't be tricked by superficial things. Get specific financial information from them to prove who they are. Make sure they prove who you are. And just stay calm. Call your bank. Take it from there. Don't be afraid to hang up and tell them you'll give them a call back.

So that's it for the evening. Your homework tonight: contact your financial provider and ask if they have a webpage explaining how a fraud alert call would happen—and what information the bank would and would not ask of you.

Extra points if you also do a quick rehearsal with yourself—go back through some of your spam calls, look up a few of those numbers on Google or whatever your favorite search engine is, and see how many are listed as potential phishing sites. You may be surprised how many times you've already been contacted by someone trying to steal your financial details.

So take care of yourself. Be careful. 

Links to ways to support the people of Ukraine are super important. You can help there at UKR7.com.

Also, World Central Kitchen—another wonderful organization. They come in after disasters and provide basic services and food to people. They do amazing things. They're not a public-facing group; they just come in, do the work, and wherever possible, they try to use local products and produce to support the local economy as well. You can help them at WCK.org.

Two great links. World Central Kitchen is an amazing organization on its own, and UKR7.com has links to a number of organizations doing truly important work in Ukraine and around the world.

But if you don't want to do something on the world or international scale, I'm sure there are many organizations right near where you live—local, state, county. Talk to them. Those people can probably use donations—either in money or in time.

And if you're just not in a position or mindset right now to donate, remember: one of the best ways to care for yourself is to care for others. And it doesn't have to be big. Something as simple as saying, "Good morning," can change someone's day. Just let them know someone's paying attention—that someone cares.

As always, thank you for stopping by. If you found something interesting or useful, please pass it along. Please subscribe, hit that like button. If not, please drop me a comment as to what you'd like to hear. Have a great week. Remember to live the life that you dream of, because that's the path to true contentment. Love and encouragement to everyone.

See you next week on 7EveryMinute and 7EveryMinute.com. Thank you.