Regularly (once a day, often) someone I know over here gets a recorded phonecall about her Amazon Prime account being deactivated. (She, like I have no such account.) Then there's "£600 from your bank account" (
always that value), that the (usually wrong) ISP/phone company is cancelling the respective service, etc etc.
Via email, she gets any number of things (most just Spam, sometimes Amazon/random Bank/etc), every now and then a deliberately[1] mis-crafted ISP services email (correct company, them being clued in by the
name@isp.net address on their records). It's possible - so she asserts - that this all stems from one time she registered her contact details for a supermarket promotion, one time. Hard to tell, as the phone number could have been randomly dialled and found working and her email has appeared on a scrapable online resource (not vastly exposed, but still).
I tended to use the trick of using a different @ on the same domain of mine for all kinds of necessary registrations (easy filter/sort on arrival, and thus tell if a place I registered had leaked/been leaky beyond the anticipated remit. Also got a lot of <randomstuff>@ mail, which indicates fishing (though not necessarily
phishing) for 'other users on my network'.
I really haven't had much via my.mobile (long ago I dropped my landline, which had the occasional "We are Microsoft, your computer has a virus, please give us remote access to your comouter for us to help you", that I know still happens, but
slightly) better scripted to cover a wider range of devices[2]), I keep getting text offers from my service provider about an offer that just does not save me money[3] that are likely genuine, though I also occasionally get a call-centre saying the same thing, supposedly the same company but ask
me how much I spend. Obviously as uninformed as the text-sending system (I respond "I don't really know, but
you should").
Back to the someone-I-know, and cars... Just recently she changed cars and
within minutes of retaxing the new vehicle under her name, at the post office, got a text purporting to be from HMRC (≈IRS) asking her to download[4] a document. Given it was on a server like "government.me" rather than something like "hmrc.gov.uk" it was
fairly obvious non-legit, though forwarded it to HMRC's own anti-Phishing dept. and they confirmed it/hopefully aggressively dealt with the trap-site. And in retaxing she hadn't set down her mobile number anyway (
maybe it leaked from the Insurer or other service, dealt with a day or three before when the purchase was finalised, but could just have been total and utter fluke).
It's that kind of world, though, for neutral or worse.
[1] If you fall for a badly-crafted automated hoax, you're worth their precious time once you get to the human-led attack stage.
[2] I used to boot up my antique Cambridge Workstation, occasionally, though at the time I could have probably gotten away with a Linux machine before I had to start
faking an inability to follow their instructions, and delaying their ability to move on to yet another target person.
[3] PAYG, currently, and I don't spend the amount per month that the move to a contract would cost to give me the unbelievably huge number of free minutes that I mostly would not use anyway.
[4] Like me, her phone
doesn't do downloads, so again we thwart the scammers far too high expectations.