Beware The Phone Scam
We’ve talked extensively about phishing scams on this blog. Hopefully you remember that phishing is an attempt by a cyber criminal to get you to click on a link that will help them steal your information or hack your machine. But what we haven’t discussed is the new trend of vishing.
Vishing is, essentially, a phone scam with the help of credible looking websites. The criminal calls the target and directs them to a fraudulent website in order to steal their information. This may be logins, passwords, 2 factor authentication credentials, or other sensitive data.
The FBI and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are warning of the new trend. In mid-July 2020, cybercriminals started a vishing campaign at multiple companies, the FBI and CISA said in a recent advisory.
We’ve learned to check email addresses and hover over links in an attempt to spot phishing scams through emails. This is especially difficult when legitimate companies are reaching out via the phone to customers. PC Matic, for instance, began an initiative reaching out to some home customers recently. So how do you differentiate the real company from the scammers?
First, never give out personal information over the phone. If you didn’t initiate the phone call, most legitimate companies will be understanding that you want to keep your private information private. This includes phone numbers, emails, financial information, or sensitive personal information like social security or account numbers. It also includes anything pertinent to your company.
Second, always go to the verified website for the company. In the address bar of your internet browser, you’ll see a locked padlock. That indicates the website you’re visiting is secure. Avoid going to links sent to you privately. Also, avoid links that don’t match the company.
PC Matic websites, for instance, are from pcmatic.com. We’ll frequently direct comments here on Tech Talk to visit pcmatic.com/support. When you do, you’ll see pcmatic.com as the main site and a locked padlock beside the address. That’s a great indication the site is legitimate.
Finally, since most of these vishing attempts are targeting employees of companies, double checking is key. If you do feel you’re being targeted by a vishing scam, do an independent check. You should have an employee roster by division. A quick email or call to a person in the department the call is claiming to be from can be the difference between stopping an attack and becoming the victim of one.
Ultimately, education is the key component in keeping yourself and your organization safe. The old TV adage still holds true today; the more you know. Keep yourself up-to-date on new scams. Make sure you’re double checking anything that feels a bit “off.” Taking some extra time to verify information will always be appreciated by your organization.
Remember, as we work more from home than ever before, criminals are working extra hard to find a way into our networks. Don’t be the reason your organization gets hacked.
As always, stay safe out there.