Cyber-Scammers Step Up Volume of Robocall Schemes During Holidays
What's worse, unfortunately, is that the scammers are now apparently in league with the same people who try to plant malware on your computer using phishing schemes you've heard about. These schemes usually start with an email that requires you to click on a link that seems to be legitimate, but that instead installs malware on your machine. Unfortunately, an attacker can move beyond phishing if that's proven ineffective, and use that tech support scam phone call instead. This works because many companies, in an effort to provide good service, put their employee phone books online. This means that the scammer knows whom to call and who to pretend to be when someone answers the phone. Preventing this is certainly possible. First, your employees need to know that Microsoft will never call them to tell them that they have malware on their computer. Second, your IT department needs to be visible enough to the staff that they know what to expect. Will your help desk make a phone call in such a circumstance? Or will they come by for a visit? Whatever the policy is, it should be consistent and your employees should know what to expect.Meanwhile, train your staff to be alert to these scams and never to provide any credit card or other payment information to someone who calls in offering to fix their computers remotely. Microsoft, for its part is taking action against those scammers when they can find them. If someone on your staff gets such a scam call, you can tell the Federal Trade Commission and you can tell Microsoft. In some companies another option, if the scammers are becoming a real problem, is to route calls through a switchboard instead of providing direct dial numbers for most employees. In addition, it's important to keep as many phone numbers and names off the Internet as you can. That may seem less convenient for doing legitimate business, but it can sure help out security in this scam and others. Most of all, help your employees understand that they should never give out information over the phone and that they should never connect their computers to anyone from outside. Then make sure your own help desk and support staff are readily available and that employees know who they are. Microsoft, along with other legitimate IT companies, will never ask for personal information over the phone and they won't call you and ask for credit card information in return for technical services—ever.
In addition, your security staff needs to be aware that your employees might get such a call and be asked to connect to a remote control program. A good security system can sometimes detect such a remote control session and raise an alarm. Unfortunately, because these connections go through Websites and use Secure Sockets Layer, detection is hard.