A thought entered my head the other day around the way phishing phone calls have evolved, and the almost convincing subject matter that is being spoken.
I operate and manage a Cybersecurity company and like to think that I keep my eye on the ball when it comes to potential phishing calls, and to be honest the calls we used to receive have pretty much dwindled away.
So, imagine my surprise today when I received a call from a slightly worried lady expressing her concern that my computer was currently downloading unauthorised software, and the potential impact it was about to have on my PC.
I continued the conversation to confirm her details and the company she represented, along with what this ‘so-called’ unauthorised software download could be…
…throughout the conversation she kept emphasising that the download is near complete and I should take immediate action. Upon my response with “Wow, that’s amazing, how do you know this…” there was silence as the phone line cut. (Remember that the caller is taking a chance on you being in front of your PC, and that the PC has revealed your phone number…Really?)
Pretty expected outcome really, but for every 100 calls, there must be a few ‘takers’ who are now experiencing a slow-running PC, a malware or virus infection, or a financial loss due to a piece of ‘preventative software’ being purchased and installed.
A typical scenario in the corporate environment might be someone posing as an IT support technician calling you to ask for your account details or password, such as:
“Hi, I’m from IT, we have just completed an upgrade on the file server and inadvertently disabled all user access – I am sure you appreciate the urgency with rectifying this situation, and we are asking you to provide your user account details so we can get you working as quickly as possible again…”
One of the best ways to minimise these threats is to adopt some form of Staff Security Awareness training. If this is carried out at regular intervals, your staff can be kept up to date with the latest emerging threats and react accordingly.
It pays to keep your staff aware of the potential risks, as it only takes one user allowing a rogue caller to open a remote session to get malware, viruses, etc. installed on your network.
For guidance on Cybersecurity, Data Protection or Compliance, please get in touch for a no-obligation chat.