The Phone Call That Wasn’t Real: A CyberSafety Story to End the Week

We’ve talked about phishing emails, fake Wi-Fi, and even malicious USB drives.

But today’s story is the one that scares people the most — because it feels so personal. 

Let me introduce you to Robert.

Robert’s a small business owner. Smart. Organized. Nobody’s fool.

But one Friday morning, he received a call that nearly cost him everything.

“Hello sir, this is Amazon Fraud Prevention…”

The voice on the phone was calm, professional, and polite.

“We’ve detected unauthorized purchases on your account.

I’m here to help verify the charges.”

Robert had actually been dealing with billing issues on Amazon that week, so the timing felt perfect.

The caller continued:

“Before I can check your account, I’ll need to verify the card ending in …42.”

That was the moment Robert froze.

Because that WAS the last two digits of his real card. 

The scammer wasn’t guessing — he already knew.

How Scammers Make These Calls So Convincing

This wasn’t a random cold call.

It was a voice phishing attack — also called vishing.

The scammer had:

• Robert’s name

• His phone number

• His approximate location

• The last two digits of one of his cards

• His real Amazon order history (scraped from an old breach)

All of this information came from old data leaks floating around online.

To Robert, though, it sounded like the real Amazon calling.

And that’s exactly what the scammer wanted.

The Red Flag Robert Almost Missed

The caller asked him to “confirm” the full card number.

That’s when it clicked.

Robert said:

“If you’re really Amazon, shouldn’t you be the one confirming things?”

A long pause.

Then the scammer hung up.

Robert called me immediately because he wasn’t sure what had just happened — only that it felt wrong.

What We Did Next

We walked through everything together:

• changed passwords for his email and Amazon

• enabled two-factor authentication everywhere

• checked for unauthorized login attempts

• pulled his info from Have I Been Pwned

• reordered a new credit card

• set up call protection and spam filters

• reviewed what to say when ANY company “calls” for security

Thankfully, he never gave up any information.

But it was close.

Much closer than he was comfortable with.

Three Lessons From Robert’s Close Call

1. Companies never ask for your full credit card number

That’s an instant red flag.

2. Caller ID can be faked — easily

Scammers spoof real business numbers all the time.

3. Hang up and call the company directly

Use the number from their website, not the one from the caller.

CyberSafety Week Takeaway

The threats this week weren’t about computers — they were about people.

Scammers don’t need hacking skills when they can trick someone into giving away information.

If you ever get a call about fraud, billing, or account issues:

Hang up.

Call the company yourself.

Verify everything. 

If you ever feel unsure, I’m always here to help you sort it out.