Medicare Compliance

Compliance Chronicles – Volume 9 – Q3/Q4 2025 – Callback Phishing + More

What Is Callback Phishing?

Have you ever received an email telling you to call a phone number? Calling a phone number may seem safer than clicking on a link, but that’s what makes this tactic so effective. In callback phishing scams, cybercriminals send you an email about something urgent, such as a fraudulent charge or a vital software update. What makes this tactic unique is that the email includes a phone number that you are prompted to call.

What Happens If I Call?

Cybercriminals use callback phishing scams for their own malicious purposes. If you call the number in the email, cybercriminals will try to trick you into revealing your sensitive information. They may use an automated voice message that prompts you to enter sensitive information, such as your credit card number or social security number. Cybercriminals can also try to trick you into downloading malware. To do this, they’ll actually answer the phone and walk you through the process of downloading malicious files onto your device.

What Can I Do to Stay Safe?

Follow the tips below to stay safe from callback phishing scams:

  • Think before calling unknown phone numbers. Verify that a phone number is legitimate by navigating to the organization’s official website.
  • Before sharing sensitive information over the phone, ask the caller to tell you what information they have on file. If they can’t prove they are legitimate, hang up.
  • Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions. So, always think before you call.

Social Media Account Spoofing

Social media platforms such as Facebook, Twitter, Instagram, and LinkedIn are wonderful tools for staying connected. Unfortunately, these platforms are also wonderful tools to manipulate and phish unsuspecting users. One way cybercriminals use social media to their advantage is through account spoofing.

Account spoofing is when a scammer copies information from a social media account, such as the user’s name, location, and photos, to create a look-alike account of that user. Then, from the spoofed account, the scammer sends connection requests to everyone on the original account’s list. Sometimes they even message these users with an excuse, such as “Sorry, I got hacked and had to make a new account!”, to make the request more convincing.

How Can I Spot a Spoofed Account?

We tend to trust the people we are connected with, so the bad guys exploit this trust to phish for sensitive information, share malware, and even request money. It can be tough to tell if a social media account is authentic just by looking at it. Luckily, scammers like to make the first move. Keep the following in mind:

  • Be cautious of any links sent through social media, especially those that are off-topic, unusual, or outlandish, such as gossip videos, dramatic news articles, or fabulous prizes.
  • If you’re being asked for money, it’s probably a scam. If you feel the request may be legitimate, validate who you are speaking with and request proof of their claims.
  • Don’t trust a connection request or suspicious message from someone you are already connected with. Before responding, try to contact the person through a different form of communication like phone, text, or email.
  • If you suspect that an account is a spoof of a real account, alert the owner of the legitimate account and report the suspicious account to the platform’s customer service department.

How Can I Prevent My Account from Being Spoofed?

Keep your friends, followers, and reputation safe by following these tips:

  • Keep your account private. While this doesn’t hide your information completely, it greatly reduces your chances of being spoofed.
  • Social media platforms have numerous security options that can easily be overlooked. Review and edit your privacy settings to be sure your information is kept private.
  • Only accept connection requests from people you know and are comfortable sharing your posts with.
  • If you suspect that your account has been spoofed, contact the social media platform’s customer service department.

Marketing in IntegrityCONNECT

We want to remind you that all marketing in IntegrityCONNECT is compliant and approved by CMS. During AEP and throughout the year, IntegrityCONNECT’s marketing can make it easier for you to market your services to potential clients and keep you compliant every step of the way.

Here’s how you can start using IntegrityCONNECT marketing right now:

  • Automated Marketing to send compliant marketing messages to your clients via email or text messages
  • Leads where you want them — Search for leads by geography, lead type and lead source with our easy-to-use heat map
  • Get leads your way — Choose from Realtime lead campaigns, customizable direct mail campaigns or on-demand leads
  • Work smarter not harder — Leads purchased automatically flow into your CRM so you can easily manage the relationship from lead to sold

Learn more about IntegrityCONNECT here.

If you have any questions, please don’t hesitate to reach out:

N&F Compliance Officer
Bill Kauffman
nf_compliance@neishloss.com