It seems that right now phone scam season is going strong! I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the past week that they asked me about. A local newspaper columnist got a call from a scammer. As folks are becoming more aware of phishing attempts via email and other types of malware, they are also becoming more lax about spotting phone scams, often stating the belief that most crooks are using online phishing scams instead of any other type of rip-off.
Small and Midsize Business Targets
Small and mid-size businesses are common targets for phone scams. For example, there is a directory entry or unauthorized advertising scam that targets small businesses, trying to bill you for a listing or advertisement in a magazine, journal or business register/directory that, of course, you didn’t make. The scam might start with a bogus international fax, emailed trade directory. The call soon follows indicating you owe money for the ad. If you refuse to pay, the scammers might also try to intimidate you by threatening legal action. Here is a fairly good overview of some common small business scams.
If you are in the U.S., it is good to contact your state Attorney General’s office to report such scams. They should help. For example, the Iowa Attorney General’s office has often helped small businesses with these types of scams in recent years. A couple of other good places to report such scams to include:
- The Better Business Bureau
- The Small Business Association
- The FTC
The following is a list of three types of current phone scams that businesses need to have on their radar. You can see further discussion of phone scams that are targeting individuals in my other blog post that discusses phone scams for individuals.
We’re calling to help you remove malware
There are increasing occurrences of a scam that first found its way to me in 2011. I wrote about it in details in my post, “Cybercriminals Just Came A Callin’ At My House.”
I had a couple of different Linkedin contacts, both small business owners, get in touch with me over the past month describing the exact same type of a call to their business shops, not knowing I’d already experienced this type of call, and asked me if it was legitimate. No, it is not. The callers are basically trying to scare you into letting them “help” you by convincing you they are from a legitimate company, only want to help, and then having you give them unfettered access to your computer, and all the files therein. And then take not only all your data, but also as much of your money as they can possibly then get to.
Read my blog post for the details of this scam. Read also the comments, many of which came from others who were victims of this scam.
Car Warranty
My recent three experiences were all for car warranty phone scams. One call came to my cell phone, and the other two came to two different home land-line numbers, a couple of which are used for my business. They claimed I owed money on a vehicle warranty plan. The problem (for them) was that the vehicle they were calling about was one I traded in two years ago.
The crooks were clever; they made the call appear to be coming from a (515) area code. It sounded like three different people on each of the calls, all with thick non-American accents, and all said they were calling from Iowa. When I asked for their names, all three at first gave only a very American-sounding first name, the first and last callers both using “Randy.” The second caller said her name was Barbie. When I asked for her last name, she paused for several seconds then said, “Mattel. Barbie Mattel.” Riiiiiiiighhhht!
For the “Randy’s” I asked them both, since they both said they live in Iowa, “What is the capital of Iowa? They both paused (likely looking up something). They both answered, “Van Meter.” That is my former address, which they both probably had on their screen along with my other information. I asked to speak with their manager. They said they were not authorized to do that. I then asked them for their phone number so I could call them back. They would not provide one. I then said I was going to report them to the Iowa State Attorney General. They hung up at that point.
Here is some information from the FCC about similar types of car warranty scams.
IRS Imposter
There is a current IRS scam that is hitting a lot folks right now. It’s not new, but it seems to be going through a revived vigor. The scam hit not only a Forbes reporter recently who wrote about her experience, but also a local Des Moines Register columnist, Rekha Basu who also wrote about her experience.
A phone message is left claiming to be a person from the IRS, and gives you a phone number and direction to call back to it as soon as possible. After the person returned the call they are then threatened and harassed into paying a huge fine, using either a wire transfer or a per-paid debit card, or you will face jail and/or deportation. The scam target primarily immigrants, but it can happen to anyone, particularly if you have a surname that seems like it is from another country.
You can read more about this scam at the IRS site (http://www.irs.gov/uac/Newsroom/IRS-Warns-of-Pervasive-Telephone-Scam).
Red Flags for Scam Calls
Here are some of the common signs that a person calling and requesting information from you is likely to be a social engineering crook:
- The call was unsolicited and/or unexpected.
- You’ve never heard of the company or organization the caller claims to be representing.
- The caller has audible irritation, discomfort or anger when you question their authority, ask to speak with their manager, ask for their phone number, ask to call back later, etc.
- They use double-talk to try and confuse you.
- The caller makes excessive claims of authority and threatens you with an IRS audit, a law suit, job termination, or some other bad action if you do not do what they ask
- The caller uses excessive flattery and/or flirting
- The caller drops names, such as for people influential to your business, to impress or intimidate you
- The caller emphatically stresses the undue urgency to do the actions being requested
There are a wide variety of methods used in phone scams. Some involved robo-callers, some involve leaving voice mails, and some involve real people calling you. Knowing the red flags will help you from becoming a victim.
Keep the following in mind when you encounter these red flags:
- The IRS, and other government agencies, will never call you out of the blue; they will send hard copy letters for any communications they have for you. Typically they will only call you to return one of your calls.
- Ask the caller for details about his name, phone number, name of organization, etc. Document what they tell you, including the date and time you are speaking with them. This could be potentially used as evidence if the crooks are ever caught and prosecuted.
- NEVER give out personal information or wire money as a result of an unexpected or unsolicited call if you cannot validate the authenticity.
- If the caller is a bill collector, call the company they are calling on behalf of first to determine if the bill collector really was calling on their behalf. If the collector was threatening or abusive, tell the company of the inappropriate behavior.
Bottom line for all individuals and businesses…
If you get an unsolicited call from someone claiming you owe money and/or threatening you, demanding you provide your personal information, credit card number, or some other type of payment, so NOT do as they say! No matter how much they threaten you. And report the calls to the organizations that are devoted to catching these crooks.
This post was written as part of the IBM for Midsize Business (http://Goo.gl/t3fgW ) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.
< !– Start of StatCounter Code for Default Guide –>
Tags: awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training