Many of us have become more aware of dodgy phone calls and emails in the last year. However, as time progresses scammers are becoming more and more sophisticated. Vigilance is a must at all times. In this blog post, we want to give you a real-life example to help prevent you from falling victim to sophisticated scammers.
A call was put through to Support from an individual who provided a name. They claimed to be an IT provider for a client firm and explained they had suffered a cyber-attack and the attackers had some of their bank statements and financial documents. They also advised that the attackers had their Microsoft Office credentials and login details. The reason they gave for contacting us was that they wanted to tighten up security and needed to know more about Keyhouse and its login/security procedures. Our teams followed their standard procedures and identified this as a phishing attempt.
Let’s look at the above incident and talk about the red flags that you need to be aware of if this happens to you so that you don’t become a victim of sophisticated scammers.
A call was put through to Support from a man who provided a name. He claimed to be an IT for a client firm and said they had suffered a cyber-attack and the attackers had some of their bank statements and financial documents. He claimed that the attackers also had their Microsoft Office credentials and logon details. He wanted to tighten up security and asked to know more about Keyhouse and its login/security procedures.
Highlighted are some of the key points that need to be considered to prevent yourself from falling victim to scammers.
- You’ve been given a name; can you verify that name?
- Tightening up security – is this person authorised to discuss the firm’s security?
- Logon/security procedures – never discuss security procedures or disclose credentials with somebody who is unauthorised
If unable to satisfy that the person is authorised to have a conversation about security/Keyhouse, escalate the situation, ring the company they are pertaining to be from and find out if this person works there. Find out also if they have permission to be engaging in such communications. Stay vigilant and escalate any unusual calls or emails to your manager.
These types of phishing attempts are known as vishing or spear vishing, where the attacker provides information such as a name, place of work or other information that would appear to validate what they are doing. These attacks highlight the importance of investing in your team’s cyber security awareness and education alongside the firm’s security measures.
To learn more about types of phishing attacks click here.
