Cybercrime Begins Over the Phone, Too - Don't Let Your Employees Forget
April 19th, 2016 by admin
If you've been a regular reader of our blog, you know we've spent plenty of time discussing phishing, malware, and other cybercrime. It's all part of our modern online world, and we know it will never really go away.
We've talked about the tricks scammers use, from links in bogus emails to simply visiting the wrong website. But don't forget crooks are still stalking victims via good old Ma Bell.
Chances are you've received a phone call pitching one of these common scams—more than once:
- The promise of a lower credit card interest rate or a reduced electric bill… provided you give the caller your existing credit card number(s).
- A call on behalf of one of your family members, requesting wired money to bail them out of a foreign jail. With "people search" sites all over the web, it's disturbingly easy for a scammer to not only obtain your phone number, but also the names of your loved ones.
- And perhaps the most devious phone scheme: the service tech from "Windows" who warns that a dangerous virus has been detected on your PC, which he can immediately remove remotely—for a nominal service fee, of course—or guide you in removing with a downloadable "removal tool" (which is the actual malware)!
Hopefully, you've learned to recognize such obvious schemes. But businesses large and small are also targets of sophisticated electronic con artists, and it only takes one employee's slip-up to rob a company of anything from confidential information to simple cash.
When to Hang Up the Phone
- Suppose one of your senior executives is speaking at an out-of-town industry conference (information freely available on the conference's website). Your receptionist receives a call from an "event manager" saying the executive's email password urgently needs to be changed so the PowerPoint presentation can be downloaded within the next half-hour. If it's actually a cyber-crook on the other end of the line and the receptionist complies, the crook will have successfully hijacked that email account—inbox, address book, archives, everything.
- If your accounting team gets a call from an angry "vendor" demanding payment for a mysterious invoice that's suddenly 90 days past-due—for something as innocuous as bottled water or toner cartridges—might they be directed to a bogus payment site to make a quick payment? Banks usually won't forgive such voluntary gaffes, and if the culprits are outside the U.S., that money is almost surely gone.
We've discussed the necessity of a comprehensive employee security training program. Don't forget to train your employees to be on the lookout for phone scams as well. Also consider a policy that no password is changed without first alerting top-tier support at your managed service provider, or supplement usernames and passwords (or even replace them) with two-step verification.