
This is victim-blaming. Companies don't make clear "how things work". I've never once found a web page published by a business that makes clear exactly how they will contact you (e.g. by number xxx-xxx-xxxx for security alerts, from email address foo@company.com for bill payments with a link to company.com/billpay, etc.) so that you can follow that sheet to ensure you're not being defrauded, and that's what's needed.

Perhaps it's time for some regulation - of course, drafted with the extreme care that almost no regulation is written with, but should be...




Funnily I got some emails and phone calls from Amex some time ago that were extremely phishy (like aexp.com), but they happen to have a website listing the domains they use:

https://www.americanexpress.com/us/security-center/phishing-...

No such thing for the phone numbers though, and since they were just regular landlines not recognised by Google and not available through a Google search, I declined to provide them any information.

There absolutely needs to be regulation for that, like there is the "Mentions Legales" or "Imprint" in France and Germany (a website needs to have a page saying who they actually are, with an address and everything).


Oh, this is really interesting, I didn't know that Amex had a page like this! This is useful, maybe I can point my bank toward it and ask them to make a similar page.

As harvey9 says in a sibling comment, "If they publish an outbound number then scammers will spoof it.", so perhaps publishing a phone number isn't useful - but they should actually state that on their web site, as well as providing a protocol that allows the bank/agency/company/utility to authenticate itself to you.

> "Mentions Legales" or "Imprint" in France and Germany (a website needs to have a page who they are actually, with an address and everything).

I like this concept - let's extend it to include an authentication protocol, as above.


> As harvey9 says in a sibling comment, "If they publish an outbound number then scammers will spoof it.", so perhaps publishing a phone number isn't useful

Unless telecom operators are forced to take actions to prevent spoofing.


You and your OP are both right. Companies are totally at fault for muddying the waters by using the same methods as scammers (or scammers are smart by using surprisingly similar tactics), and customers too should be aware of situations.

Zelle, Western Union, Venmo, PayPal (family) literally give you warnings, multiple prompts, to say that it is irreversible, pay it only to known people, don't use it for government payments, make sure to check the registered name, and stuff.

We as customers should know that no utility company, gas, power, internet, government offices, or their representatives accept or want payments by Zelle. Zelle is great for person to person, or one-time cash-like transactions. If one hands over a wad of cash to a person claiming to be a utility representative, one would not expect to get that cash back if he was a fraud.

Zelle is irreversible by design (unless the receiver sends it back). Otherwise what would stop people from using it like credit card chargebacks? The only time I have heard of a Zelle txn getting reversed is if the receiver asks & insists to his bank that this money is not for me, undo this txn. Although there is a variation of the fake check scam, a reverse Zelle, too. Just like a check, scammers arrange an incoming Zelle from victim 1 to victim 2. Then they call victim 2 saying that it was a mistake. Please Zelle it back to "me". Victim 2 does the Zelle. The original txn gets recalled because either victim 1 found it or his bank found it. Victim 2 is out of his good money.


I like it when they say 'call the number printed on your bank card'. If they publish an outbound number then scammers will spoof it.



