Why Scammers Know So Much About You — And How They Use It
The Fake Call That Seemed Too Real
When Familiar Details Become a Weapon
It started with a phone call that seemed completely ordinary.
“Hello, Mrs. Patel? This is Michael from your bank’s fraud department. We’ve noticed unusual activity on your account. Did you recently make a $1,200 purchase at an electronics store?”
Mrs. Patel’s heart skipped. She hadn’t bought anything like that.
To make things more convincing, “Michael” confirmed her home address and her birth date — information she assumed only her bank would know. He explained that to reverse the charge she would need to verify her identity by providing her credit card details and bank login and password. Feeling anxious, she did as he asked.
The caller thanked her and assured her the issue would be fixed. But a few hours later, Mrs. Patel could no longer access her bank account. Soon after, she began receiving notifications showing thousands of dollars being transferred overseas.
What Mrs. Patel didn’t realize was that the scammer had obtained her personal information from a previous data breach and used it to sound legitimate. Everything about the call was fake. She had just been scammed.
Our Data Is Everywhere
In today’s connected world, privacy has become one of the hardest things to protect. Every time we shop online, stream a movie, use a credit card, drive on the highway, or use a mobile app, our information is being collected, analyzed, and shared.
Much of our personal data may also exist as public record — stored in voter registration databases, tax records, or home purchase filings. Even something as simple as walking through a parking lot can involve being recorded by security cameras or modern vehicles.
Regardless of who is collecting the information or why, the result is the same: massive amounts of personal data are stored in databases around the world. Once that data exists, it can be stolen, sold, shared, or misused. Achieving true privacy is nearly impossible.
Just Because They Know You Doesn’t Mean They’re Legitimate
Attackers often use accessible personal information to make scams feel more believable. For example:
- A scammer might call pretending to be from your bank and confirm your home address before asking for your account number or login details.
- An email may include your full name, phone number, and birth date to appear legitimate.
- A text message may look like it’s from a car warranty service, complete with details about the make, model, and year of one of your vehicles.
The truth is, having personal information about you doesn’t make someone trustworthy — it only makes them more convincing. Always treat unexpected messages, calls, and emails with skepticism.
If something feels urgent or threatening, hang up and contact the organization directly using a phone number you know is legitimate.
Watch Over Your Money — This Is Where Fraud Begins
Since you can’t protect all of your information, early detection becomes your strongest defense. Monitoring your financial accounts allows you to catch suspicious activity before real damage occurs.
- Set up alerts. Enable instant notifications for transactions, withdrawals, or login attempts on your bank and credit card accounts.
- Review accounts regularly. Even with alerts, take time each week to review balances and recent activity.
- Freeze your credit. Depending on your country, you may be able to freeze your credit to prevent new accounts from being opened in your name.
Perfect privacy is no longer achievable. But staying alert, asking questions, and actively monitoring your accounts can significantly reduce your risk.
Guest Editor
Dr. Litany Lineberry is Secretary of the WiCyS Education and Training Affiliate and holds a Ph.D. in Engineering with a cybersecurity focus. She teaches Information Systems Technology courses at Hinds Community College and supports WiCyS’ mission to recruit, retain, and promote women in cybersecurity across all sectors. linkedin.com/in/litany-lineberry
Resources
- How Cybercriminals Exploit Your Emotions
- How Cybercriminals Steal Your Passwords
- Locking Down Your Financial Accounts
OUCH! is published by SANS Security Awareness and distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it.
You can find more OUCH! newsletters at sans.org/newsletters/ouch.