PrymoSec
Back to Blog
Practical Tips

5 Questions to Ask Before You Trust That Email, Text, or Phone Call

A simple, shareable checklist that could save your business thousands.

November 28, 20253 min read

Scams work because they look legitimate. That's the whole point—if they looked suspicious, nobody would fall for them.

So how do you tell the difference between a real request and a scam?

Start by asking these five questions. They take seconds, and they could save you thousands.

Question 1: Is this unexpected?

Did you receive this message out of the blue? Were you expecting this communication?

Scam signal: Messages you weren't expecting, especially ones involving money, credentials, or personal information.

What to do: If you weren't expecting it, verify before acting. Scammers count on catching you off guard.

Example: An email from your "bank" asking you to verify your account—when you didn't initiate any request—is suspicious even if it looks legitimate.

Question 2: Is there unusual urgency?

Is the message pressuring you to act immediately? Does it create consequences for delay?

Scam signal: Phrases like "urgent," "immediate action required," "your account will be suspended," or "respond within 24 hours."

What to do: Slow down. Real emergencies are rare. Real organizations allow time for verification. If someone is pushing you to act before you can think, that's intentional.

Example: "Your account will be closed if you don't verify your information in the next 2 hours" is almost certainly a scam. Real banks don't operate this way.

Question 3: Does the request make sense?

Step back and think about what's being asked. Does it fit normal patterns?

Scam signal: Requests that are unusual, out of character, or outside normal procedures.

What to do: Ask yourself, "Is this how this person/company normally communicates with me? Is this request consistent with how things usually work?"

Example: If your CEO has never emailed you directly about financial matters before, why would they start now with an urgent wire transfer request?

Question 4: Can I verify this independently?

If you called the person or company directly—using contact information you already have, not what's provided in the message—could you confirm this is legitimate?

Scam signal: Messages where verification is difficult or discouraged. Requests for secrecy or confidentiality.

What to do: Always verify through a different channel. If you get an email, call. If you get a call, hang up and call back using a number you look up yourself.

Example: An email asking you to update payment information should always prompt a phone call to your contact at that company using a number you already have on file.

Question 5: What's the worst case if I wait?

If you take 10 minutes to verify before acting, what's the real consequence?

Scam signal: Manufactured consequences that don't withstand scrutiny. In most cases, legitimate requests can wait a few minutes for verification.

What to do: Ask yourself what would actually happen if you paused to verify. Usually the answer is "nothing bad." If the request can't wait 10 minutes, that's suspicious.

Example: A real vendor won't mind if you call to confirm their new banking information. A scammer will create pressure because they know verification will expose them.

The Simple Rule

When in doubt, verify through a different channel.

That's it. That's the whole rule.

  • Email asking for something? Call to confirm.
  • Phone call requesting action? Hang up and call back using a known number.
  • Text message with a link? Go to the website directly, don't click.

This simple step catches the vast majority of scams because scammers can't control both channels simultaneously. They can fake an email from your bank, but they can't answer the phone when you call your bank directly.

Share This List

Feel free to share these questions with your team, your family, your friends. Print them out. Post them somewhere visible.

The more people who ask these questions, the fewer people fall for scams.

When to Be Extra Careful

Be especially vigilant when:

  • Money is involved. Wire transfers, payment changes, gift cards.
  • Credentials are requested. Passwords, PINs, verification codes.
  • Personal information is asked for. Social Security numbers, account numbers, addresses.
  • The request is unusual. Anything outside normal patterns.
  • Urgency is emphasized. Pressure to act now.

These are the situations where scams cause the most damage. They're also where these five questions are most valuable.

Practice Makes Permanent

The goal isn't to become paranoid. It's to make verification automatic—as natural as looking both ways before crossing the street.

The more you practice asking these questions, the more instinctive they become. Eventually, you won't have to consciously think about them. You'll just naturally pause before acting on unexpected requests.

And that pause—that moment of reflection—is what keeps you safe.

Train your whole team

PrymoSec teaches your employees to ask the right questions automatically. Our training covers these concepts and more, with practical scenarios they'll actually encounter.

Give your team the tools to protect themselves—and your business.

Start training today →

Found this helpful? Share it with a fellow business owner.
Previous Article

You Lock Your Doors at Night. Are You Locking Your Business Online?

Next Article

Why 'My IT Guy Handles That' Isn't Enough Anymore

Ready to Protect Your Business?

Give your team the training they need to spot scams and protect your business.