Concretely, the way to respond is this:
If you ever get a call that claims to be from business X, tell them "OK, I'll call you back." Then get off the phone, look up the number for X yourself, and call them. If it was really X calling you, you'll get back to where you need to be. If it was a scam, X will tell you they don't know what you're talking about.
Never trust that a cold call is from who they say they're from.
They even spoofed the number of an actual police station and said, "Google the number on your caller ID to see we are legit". Obviously, call them back yourself.
7 years was not enough for ruining peoples lives.
1.) be relevant to a police investigation
2.) be registered or associated with individuals
3.) have few enough of an exact thing in an area for the manual checking to be effective
Good example would be someone claiming to be your ISP apologizing for recent slow internet speeds (when doesn't this happen), and wanting to confirm you're now happy and not experiencing slow speeds. Why would you doubt this and go to the trouble of calling back?
The other problem is businesses being so extremely dumb. I've had and heard of man cases of Banks calling people, asking them verification questions on cold calls and offering no way to call them back. Not just stupid in that it limits your strategy, but it actually trains people to be more vulnerable to scammers.
If you call the same number the next day the real institution is going to answer, but nobody knows a thing.
Apparently, in some cases, they can hijack the phone number of an institution, but only for the specific caller that they are applying the scam. If someone from another context call the same number it goes to where it's supposed to be.
It's becoming more normal than ever down here... Happened next to me.
We are entering the age of personalized crime, targeted and framed just for you, considering your personality and necessities.
Someone from Mexico answered and initially it sounded very similar to what PayPal employees really say. It took like two minutes before I was really suspicious. I was really tired that day and didn't want to walk though so I kept trying to give them the benefit of the doubt. But a few minutes after that they actually asked me to go into 7/11 and buy a Google Play card for $150 or something. At that point it was just really obviously a scam and I decided to walk home. Called the real PayPal from my computer using the US area code.
Conman calls a landline, starts conversation with "please call the bank back, im putting down the phone now" and ... just plays Dial tone. The trick is call ends only when the person who started it hangs up.
If they want to leave their line open "for a few days"... then good luck to them. :)
The idea was, maybe you dropped your phone and didn't mean to hang up and this gave you time to rectify your mistake without having to redial.
Scammers started exploiting this and the timeout was reduced to the order of a few seconds. Count to five after hanging up and you can just about guarantee that's a real dialtone.
implementing logic/timers with cogs is impractical.