Here at Anderson Technologies, we’ve reported on a wide variety of topics to help keep you and your business’s technology safe from harm: breaking news on security breaches like the Equifax hack and KRACK, password security tips, the importance of firewalls, and many more. But sometimes preventing trouble isn’t about the hardware or software you deploy—it’s about your people.
We all know someone who has fallen victim to a phone or email scam. Many of us have received a desperate call from a friend or family member trying to undo an unknowingly self-inflicted intrusion on their personal or financial information.
A member of the Anderson Technologies team recently received this harried voicemail from a family member:
“The Russians have hacked into our computer, and we’ve been on the phone for half an hour or so with India. The guy’s helped me reestablish my password but he thinks we should do some further work and maybe take the modem to the Apple store.”
From an objective perspective, this scam appears obvious. Why would the Russian government want to hack your personal home computer? How did these “tech support” guys get your information to call you and fix the problem? Thankfully, no permanent damage was done in this particular case, but you may find yourself wondering who could fall for such a transparent scheme.
Scammers target unsuspecting consumers and use data gathered from the web to build trust and elicit the missing pieces needed to access private account information. But how do these choreographed schemes apply to your business?
It’ll Never Happen to Me
Who do you picture when you hear the words “scam victim”? Several common stereotypes come to mind. The Better Business Bureau (BBB) released a comprehensive report that breaks down the perceptions we have about scam victims. Their 2016 survey shows that most people inaccurately predict scam victims to be older, retired, or less-educated blue-collar workers or women.
If you don’t fall into those categories, it’s still too soon to consider yourself safe! Thinking scammers won’t hound you because you are (at least in your own mind) an improbable target leaves you exposed and off guard.
For this we can blame optimism bias, or the tendency for individuals to believe they are less likely than others to be vulnerable to negative events. Even when the BBB or the Federal Trade Commission (FTC) releases accounts and warnings about the thousands of scams reported each day, in-the-know readers might react by thinking these threats don’t apply to them. Do you think you’re too smart to be fooled? What would you have that a hacker would want anyway? A quick skim of some unsuspecting person’s scam story, and you’re back to your usual technological habits.
“It stands to reason that individuals who believe they are not at risk will be less receptive to efforts to provide protective information,” says BBB’s marketplace scams report. “Media coverage, with victims shaped to fit squarely into these categories, risks being digested by the public simply as intriguing ‘real life drama’ affirming their beliefs.”
What the statistics show, however, is that all consumers are equally at risk. Some scams do target the “typical” grandmother or otherwise negligent prey (more on those tailored cons below), but the BBB research found that the groups at highest risk of losing money to a scam are college-educated individuals between the ages of 25 and 54. An estimated 90% of scam incidents go unreported, which goes to show how the inaccurate stigmas surrounding scam victims have infected our culture. No one wants to admit they were tricked.
But We Have a Firewall!
Personal consumer scams may not seem like they’re much of a threat to your business. Like any physical crime, cyber crime can’t gain access to your business unless there is an open door or a breach of some sort, such as when someone opens an email or picks up a phone. Who your employees share information with on their own time may not seem to be your concern as a business owner, but good personal practice translates into a stronger, safer business.
Cyber crime is changing. Phishing and spear-phishing campaigns are among the scams businesses encounter most often, and they’re now more dangerous than ever. Hackers and scammers now pursue larger payouts rather than sheer volume. Rather than targeting individuals as they’ve done in the past, scammers are now narrowing their crosshairs to strike organizations. No business, large or small, is safe.
Hacking into your business’s hardware systems or networks is only one way to gain unauthorized information. Dedicated spear-phishing tactics use data mined from public accounts and web activity to target specific departments or employees. The only thing that separates personal consumer scams from business scams is the lies the criminal uses to try to break down your barriers.
Scammers often take advantage of brand familiarity and emotional response. Unexpected messages from a random email address or blocked phone number are much easier to ignore than a seemingly safe communication from the Yellow Pages or UPS.
One scam that aims directly at businesses is the “Directory Scam.” Employees receive a call from a well-known or non-existent agency requesting business information to update their directory. When your employee provides them with your business’s address and contact information, they send a fake invoice for the “service” and, if questioned, often fire back with edited audio from their previous call that “proves” your employee accepted the charges.
Another targeted hustle that’s gained steam over the last couple of years is known as the “Grandparent Scam.” In this case study, the victim receives a call from a scammer who claims to be his grandson needing bail money. This scam may seem ridiculous, but many have fallen victim to it because the caller knows the names of the grandparent and child as well as other personal information that would encourage one to believe they’re telling the truth. The scariest part about this scam is that the scammer called this victim at his place of work, further illustrating that public data on the web is available to anyone with the knowledge to find it.
What Steps Can I Take to Protect My Business?
BBB is one of many organizations to provide a checklist of actions to take against common scams. While most of the lists aren’t geared towards business owners, many of the habits suggested perform double-duty in both your professional and personal life. Anderson Technologies has a few tips for applying that knowledge specifically to your financial livelihood:
- Keep an open dialogue with your employees and vendors about cyber security practices. Educating employees—Anderson Technologies has covered employee cyber security education in the past and takes it very seriously—protects their well-being as well as your business’s.
- Educate yourself about what kinds of scams you or your business might encounter. BBB has compiled a thorough list here.
- Be wary of email attachments. If you didn’t request it, you probably shouldn’t open it.
- Use technology to your best advantage. Know how firewalls, anti-malware software, secure browsing, and network safety can benefit your business.
- Develop a system for inspecting invoices. If you’re a larger company with many different clients and vendors, it’s easy for rip-offs to fall through the cracks.
- Ask your IT provider about resources that can keep you safe. There are many programs that do some of the background work for you: NoMoRobo, LastPass, HTTPS Everywhere, Proofpoint, and so many more! Some of them are free, and others are not. Talk to a professional to determine the best investment for your business.
- Question everything. Zero-trust practices can be employed over time, making universal authentication easier for everyone involved.
The “The Russians have hacked into our computer” example at the top of this article is one of hundreds of similar scams permeating every demographic, consumer and business alike. In hindsight, it may be humorous to imagine someone getting so caught up in the urgency and persuasiveness of a slimy scam artist. However, when it’s happening, you or your employees may truly believe your business is at stake.
How to report scams:
- FBI: https://www.ic3.gov/default.aspx
- BBB: https://www.bbb.org/scamtracker/us/reportscam
- FTC: https://www.ftccomplaintassistant.gov/#crnt&panel1-1
- Microsoft “Tech Support” Scams: https://www.microsoft.com/en-us/reportascam/?locale=en-US