A popular weapon used by scammers and threat Actors is to claim to be with a known technical support company. They use a variety of methods to trick even the savviest user into believing there is a problem needing immediate attention. So, how do you know the caller is really who they say they are?
Recognize Scam Methods:
Phone Scam: You receive a call from someone claiming to be with a technology company. This will range from a global brand like Microsoft to a regional brand like Diversified Computer Resources (DCR). The caller may ask to speak to one of your employees by name. They may claim there is an urgent problem and they need your assistance to gain remote access. Is it real or a scam?
- The chances that a global technology company is calling to provide you with technical support is zero. Hang up.
- If the caller tries to create a sense of emergency about something you do not usually deal with, hang up and call DCR at our daytime phone number.
- If the caller claims to be with DCR, a foreign accent is a red flag. Hang up.
- Caller ID can be helpful. Calls from DCR will originate from the 918 area code.
Voice Cloning: In this scenario, artificial intelligence (AI) is used to clone a person’s voice, and then an AI-powered bot conducts a targeted, automated voice phishing (vishing) attack to trick victims into revealing sensitive information. What are the indicators that the caller is an AI bot?
- Unusual digital background noise or speech pattern can be detected – like subtle static or unusual pauses in sentences
- Knowledge of the subject being discussed is limited. Perhaps the AI bot has your name, the name of the company they claim to work for, and a valid invoice number, but if you ask for details of the invoice, the AI bot may fail or try asking you a question rather than answering you.
- Inability to answer off-topic questions, such as ‘Where are you located?’ and then ‘What is the weather like there today?’. An AI bot response may be, “Can you please rephrase the question?”
What Action Do You Need to Take:
-
- Implement Multi-factor Authentication for your personal social media, email, and websites, as well as all business-related email, applications, and websites.
-
- Train your employees by subscribing to a professional grade training service focused on cyber security.
-
- Establish protocols for sharing privileged information that include confirming all financial transactions through a normal channel. That may be in person or by phone call to a known good business number. Remember, cell phones can be compromised.
-
- Encrypt data at rest and in transit, and never email privileged information in unencrypted form. Never reply to an email requesting privileged information without calling a known good business number to confirm the legitimacy of the request. Remember, cell phones can be compromised.
-
- Limit the information you share publicly in your personal social media. That information can be compromised and used in a cyberattack on your business.
What to Expect from DCR:
We will not call you requesting personal data (social security numbers, driver license numbers, personal bank or credit card numbers.
We will not call your business requesting federal employer ID numbers.
Only one person in our accounting department will contact you to request bank or credit card information to pay for subscriptions and services. If you are not 100% confident who you are speaking with, hang up and call back at our main number to continue the conversation.
We do not take ACH bank information over the phone but rather through a form that must be faxed back to us.
Our engineers may confirm your credit card information if they are assisting you in processing the renewal of a third-party application or domain registration. This will be the assistance you have requested. If you are not 100% confident who you are speaking with, hang up and call back at our main number to continue the conversation.
Our staff will not ask you to call them at a cell phone number or from a different area code during our regular business hours. If you have an emergency and are working with an engineer after hours, they will provide you the cell phone number to use.