As the owner of your company, you arrive to work and speak to your office personnel and they inform you that the IT guy just left prior to your arrival. You asked what IT guy and they explained the one who fixed the computers??? You realized that you never requested for any IT services and your computer information has just been compromised. Welcome to Phone Phishing Scams!
Rewind…2 days before! Your office personnel gets a phone call explaining they noticed a virus in the system, the system was running slow and if they noticed it.
The perpetrator…sounding official…tells your personnel he would have to come in and look at the computer system and will be in to service the system in two days. Not knowing this information wasn’t true, your unsuspecting personnel thinks nothing about it and doesn’t contact you.
NOW, I could tell you about all of the various phone phishing scams that I am familiar with or we can dive into bringing effective solutions!
What Are Phone Phishing Scams?
Phone phishing scams come in multiple schemes and if your business procedures are not in place, this could be the story of your bad experience.
The intent and purpose of the phone phishing scam is to gather information they would not ordinarily have any knowledge of or to get you to perform some type of action.
The second purpose of phone phishing scams is to then take the information and exploit it.
These calls play on emotions, lack of knowledge, no clear policy and procedures.
Policy and Procedures
- Document and Implement clear cut policies for your company.
- You and your personnel must know how to release information, without feeding information to the wolves. Only designated personnel should authorize the release of specific company information.
- Who is authorized to release private/specific information?
In another article, I discuss the specifics on how to release information, documents, and video, you can read that article here.
Gathering Information
Whenever you or your personnel suspect someone is trying to gain access through a phone phishing scam, gather as much information possible during the phone call.
Information such as the number which they are calling from.
What information are they asking for?
How does the caller sound? American, Caucasian, Hispanic, African American, Asian, etc.
Get names, call back numbers, and the name of their so-called company if possible.
After you have gathered pertinent information, create a file, and share that information with ALL personnel who communicates with the public.
Know your Contractors and Vendors
You and your personnel should know who your contractors/vendors are and who you do business with. If you have your policy and procedures in place for contractors, you will already know who to contact for specific work.
You should never have any surprise visits providing any unrequested services.
Access Control
Create, Document, and Implement effective access control policy for ALL personnel and contractors.
Contacting Law Enforcement
If you think your business information has been compromised through a phone phishing scam of some sort, contact your local law enforcement and get a police report.
