It doesn't even matter what the website looks like, that's what trips people up - thinking they have any capacity to judge how legitimate something is from what it looks like. Almost all scams follow this same pattern that everybody should learn:
1) Stranger approaches you
2) They tell you some things
3) They ask for money
That process looks like a legitimate cold-calling salesman, but you can treat them the same way and not miss out. After step 2), assume everything they said is possibly a lie and go find the actual person/organization you already know and trust and contact them yourself to do whatever it is. If it's not somebody you already trust, as in this case, then abort.
I would add a bit of nuance to this. I always say there are three parts of any scam:
1. Claim of authority (timeshare purchase agent in this case)
2. Call to action (send me just a bit of money to sell your timeshare)
3. Sense of urgency (buyer will go with someone else if you don't act now)
You'd be surprised how often all three of these are present in a phishing attack of any variety.
Absolutely. Once had exposure to a sales course at a leading institution and biggest takeaway for me was learning the tactics, to then be able to recognise the tactics when used on me. And when these things all line up, I become deeply sceptical. Examples:
Sense of urgency - limited time offer!
Social proof - everyone else is doing it!
Call to authority - #1 doctor recommended!
For scammers, the way I think about it… there is no choice but to be exceptional at the sales process and understanding what drives people, because there is no product. It doesn’t necessarily indicate someone who is good at sales is a scammer, but seeing these tactics always shifts me into a sceptical mode.
Looking for signs in the tealeaves is risky though. For example, my doctors sometimes sends me text messages saying something like "Hello enigmaflare, your XYZ Medical Center invoice for $83.00 is due in 7 days. Please pay to 01-2345-67890123-00." It's not using salesman tactics, but a scammer could replicate that and collect the money himself.
Another example I experienced was a door-to-door salesman who say your home has been identified by the government to be eligible for a heavily discounted air conditioner installation. Our company is authorized to provide that. There's limited funding available so buy quick to avoid missing out. So it ticks all your boxes but it wasn't a scam and I did buy it and it really was a great deal. BUT I didn't trust a word the salesman said. I checked with the government myself, found their company from the list of authorized installers, and called them back through that channel to order it. That's that part people keep getting wrong. They don't go through another channel to re-contact them.
Authority can just be identity of anyone though. For example pretending to be a relative asking for money for an emergency. And urgency isn't always present, as in catphishing and other long-con scams.
1) Stranger approaches you
2) They tell you some things
3) They ask for money
That process looks like a legitimate cold-calling salesman, but you can treat them the same way and not miss out. After step 2), assume everything they said is possibly a lie and go find the actual person/organization you already know and trust and contact them yourself to do whatever it is. If it's not somebody you already trust, as in this case, then abort.