Connect With Us!
A Phone Call At My Workplace Prompted Me To Write This
Last week, towards the end of a workday, I heard our Receptionist take an incoming call that pricked my interest. She was obviously having trouble hearing the caller, and sounded a bit confused as to what the call was about. After it ended one of our engineers, who also heard it, came up to warn our Receptionist the call was probably malicious.
What Makes A Call Malicious?
Information is a pivot point for scammers: they need information to conduct a scam and it’s your data – client contact information, accounts details, employee names, titles, etc – that scammers use to defraud you and others connected to your business.
Social media is a big ‘harvest’ point for scammers, because it’s an intrinsic way most of us conduct and grow our businesses. Do you have a website? Does your business maintain a Facebook, Twitter or LinkedIn page? That’s smart marketing, but it also gives scammers baseline information they can use to begin formulating an attack against your business or employees.
For example, a scammer gets an employee’s name, possibly their title from social media or your website. All businesses publish their main contact number – how else would people get in touch with us? Armed with these basics, a next step is ringing Reception to collect more information.
Most Receptionists have an inbuilt radar for detecting and blocking unknown callers who ask for “the person is charge of ——“. One way scammers look to get past a Receptionist is by conducting their call over a ‘dodgy’ line, hoping line ‘noise’ (static) will distract the Receptionist enough to get what they are after.
TIP: Never answer open questions such as:
- When does so-and-so leave the office?
- When is she in the office?
- What is their email address?
These questions give away information you don’t want a scammer to have. So here are some simple tips to help your Receptionist be security-aware and manage odd calls:
- If a line is bad, politely ask the person to ring back and then hang up.
- When a caller asks for specific information about a someone in your company, such as their title, working hours, days, etc, do not give it to them. Instead, ask them to send you an email.
- If they do follow up with an email request, you can then carefully check their email address – not their display name – to see if it is from a legitimate domain.
- When it comes to checking emails, it pays to be cautious about ones purportedly from a business, vendor or potential client that has not come through a domain to them. Eg, If ‘Emma’ from ‘Australia Post’ emails you from a Gmail domain, it’s highly likely you’re being scammed. Australia Post have their own domain name and wouldn’t be sending emails via Gmail.
Keeping your business and data safe is a team effort. Whilst technology plays a part, if your team is security-aware, they will play a huge part in being a first-defense for your business.