01.11.06

Security through incorrect passwords

Posted in misc at 7:51 am by lugnuthorsefly

A couple of months back my wife was rung up by someone from her mobile phone provider offering her a free handset upgrade by virtue of being a long-time customer.

In order to confirm her identity etc. they asked her to provide the password she uses to confirm her identity when she rings them. Fair enough, I suppose – wouldn’t want to send a free handset to some imposter (hey – it could happen).

It only occurred to me afterwards that this could have been an elaborate sting in order to harvest people’s passwords and account details with the prospect of free goodies as bait.

It wasn’t, but an easy way to tell whether it was would be to give an incorrect password at first when asked. A fraudster wouldn’t know you’d given them the wrong password. If the person on the other end of the line starts complaining, then there’s a good chance they’re legit.
