> Hang up and call them back at the number you normally use to reach them, from their website or the back of your credit/debit card for example. Make sure you're talking to the people you think you are.
This is not foolproof either. In some older landlines even hanging up doesn't necessarily disconnect you.
This means an attack works like:
1. Attacker dials their victim, alleging to be "Interpol", "VISA Card Services" or some other similar thing.
2. Victim takes this advice, "hangs up" and picks up and dials back.
3. After victim hangs up, attacker plays dialtone noise down the line, which they have not disconnected.
4. Victim picks up and "dials" the actual thing they want to be sure of, but is really just listening to a fake call the attackers play to them.
5. Attacker answers "Thanks for calling X".
This isn't to my knowledge true of mobile calls but it's important to know it's not foolproof either.
This is not foolproof either. In some older landlines even hanging up doesn't necessarily disconnect you.
This means an attack works like:
1. Attacker dials their victim, alleging to be "Interpol", "VISA Card Services" or some other similar thing.
2. Victim takes this advice, "hangs up" and picks up and dials back.
3. After victim hangs up, attacker plays dialtone noise down the line, which they have not disconnected.
4. Victim picks up and "dials" the actual thing they want to be sure of, but is really just listening to a fake call the attackers play to them.
5. Attacker answers "Thanks for calling X".
This isn't to my knowledge true of mobile calls but it's important to know it's not foolproof either.
There's some discussion of that here: https://security.stackexchange.com/questions/100268/does-han...