Part 1: Recognizing Scams & Social Engineering

How I Taught My Mom to Spot Phishing and Phone Scams

looking-through-glass-cat.png

🗺️ Series: OverviewPart 1: Recognizing Scams (current page) • Part 2: Essential Tools →Part 3: Network Security →Part 4: Daily Habits →

⚠️ Disclaimer

I’m not a certified security professional or lawyer. I’m just sharing my experience and security habits - things I try to follow myself and urge my mom to practice as well. This is not a professional security consultation, nor a legal advice. Your situation may differ. When in doubt, consult with qualified paid professionals.

The most sophisticated security tools in the world won’t help if people fall for scams. The weakest link in security is almost always the human. Hackers know this, which is why they spend more time trying to trick people than trying to break through firewalls.

This post covers the most important skill in cybersecurity: recognizing when someone is trying to manipulate us.

🎯 Golden Rule

If something sounds too good to be true, it probably, most likely, definitely - is.

1. I Trust My Gut Feeling

Remember “Floor is Lava”? That’s how I treat suspicious emails.

Email & Phishing Red Flags

  1. I don’t open suspicious emails and links. Phishing attacks are the #1 way hackers get into accounts.
  2. Gmail and Outlook catch most spam, but they’re not perfect. I still check everything.
  3. I check if I’ve been hacked: I visit Have I Been Pwned every few months to see if my email/password leaked in any data breaches.

What I Tell My Mom to Look For

Red flags in emails:

🔑 Key Trick

Hover your mouse over links (don’t click!) to see the real destination. If it looks suspicious, it probably is.

Hacker cat carefully examining something through glass

2. If It Sounds Too Good to Be True, It Probably Is

I don’t trust messages on the Internet - Facebook, LinkedIn, X (Twitter), WhatsApp, Instagram, TikTok, whatever.

Scammers use social engineering - psychological manipulation to trick people into trusting them.

Common Social Engineering Tactics I’ve Seen

“You won the lottery!” - No, they didn’t. “Click here to claim your prize!” - I tell Mom: don’t click. “Your friend sent you money!” - Did they though? I call them directly. “Hot singles in your area!” - Classic scam. “This one weird trick…“ - Nope.

These scams are designed to bypass our critical thinking - I’ve seen very smart people fall for them when caught off-guard.

3. When I’m Not Sure About Something

If I have doubts about an email or attachment, here’s what I do:

  1. Scan it with my antivirus
  2. Check it with VirusTotal (free file scanning service)
  3. Ask someone tech-savvy
  4. I don’t open it until I’m sure it’s safe

Hacker cat opening a suspicious physical mail envelope

💀 Real Attack

My friend’s company lost $50,000 because someone in accounting opened a fake invoice attachment. The invoice looked perfect - same format, logo, everything. The only difference? The email address was off by one letter.

4. What I Never Give Out

This is so important, I told Mom twice.

I Never Share

Especially Important

  1. If the call was unsolicited - What I do: I never trust inbound calls about security. If “my bank” calls me, I hang up and call them back using the number on the back of my credit card.

  2. Only use PUBLICLY published contact info - I only call numbers from the back of my credit card or the bank’s official website. Random 800 numbers? Nope.

  3. Security questions - I’m careful not to post security question answers on social media (school name, pet’s name, hometown, etc.).

🔐 Lock This Down

Banks never ask for passwords, PINs, or full card numbers. If someone claiming to be from my bank asks for these, I know it’s a scam.

5. Are You Bernie Madoff?

Cat Hacker in Headphones

If not, chances are the FBI, IRS, and Royal Canadian Mounties are NOT after you.

If They Are Actually After You

They will:

They Will NOT

  1. Call over a staticky international line with a robo-call
  2. Ask for SSN, birth certificate, or personal info over the phone
  3. Accept payment via credit card or Zelle transfer
  4. And they will definitely not ask for Target or Walmart gift cards

🚩 Red Flags

  • Robo-calls claiming to be from government agencies
  • Threats of immediate arrest or legal action
  • Demands for immediate payment
  • Requests for gift cards or wire transfers
  • Pressure to act quickly without thinking

What I do: Hang up. Look up the official number. Call them back.

6. What I Made Mom Repeat Out Loud

“I do not give out any security information.”

I made her say it twice.

Yeah, it sounds silly. But it works.

Real-World Examples I’ve Seen

The Grandparent Scam

Someone calls claiming to be a grandchild, saying they’re in jail and need bail money. They sound panicked. They beg people not to tell their parents.

What I told Mom: Hang up and call me directly. Or call the “grandchild” at their real number.

The Tech Support Scam

“This is Microsoft calling. Your computer has a virus. We need remote access to fix it.”

What I told Mom: Hang up. Microsoft doesn’t call random people. Neither does Apple.

The Package Delivery Scam

“Your package couldn’t be delivered. Click this link to reschedule.”

What I do: I go directly to the shipping company’s website. I never click links in texts.

Teaching This to My Mom

Here’s how I explain social engineering to my mom:

“Mom, scammers are like really good salespeople. They make you feel urgency, fear, or excitement so you act without thinking. The moment you feel rushed to make a decision, STOP. That’s when they’ve got you.”

We have a code word. If something feels off, she sends me the code word and I call her immediately to talk through it.

What I’d Do First If Starting Over

If I were starting fresh, here’s what I’d focus on first:

More Resources

Published
Hacking | phishing social engineering scams cybersecurity
phishing social engineering scams cybersecurity