Scammers Making Things Harder For Themselves

Scammers have thought up a new scheme while more and more people start working from home during the height of the current health crisis. They call people at home pretending to call from their companies’ tech support to fish for data.

I’m sitting in my home office working when my private phone line rings. I route it to my headset and answer without looking at the caller ID.

Me: “Hello?”

Scammer: “This is tech support. We’ve been compromised! Please boot up your station and follow my instructions.”

He has a heavy accent, but we hire diversely, so having an accent isn’t immediately alarming. But he didn’t say the name of our company or his own name and I don’t recognize the voice at all.

Me: “What’s your name, please?”

Scammer: “I’m [Name I’ve never heard before]. This is urgent! I’m from tech support! Get into—”

Me: *Interrupting* “No, you’re not from my company’s tech support.”

Scammer: “I assure you, miss! I am from your tech support! You’ll need t—”

Me: *Interrupting again* “No! I know for a fact you’re not! I’m our tech recruiter. We have currently exactly twelve internal tech supporters working for us and I have personally recruited every single one of them! You are none of my recruits. You don’t work for our company. Get lost.”

Scammer: *Click*

If they’d reached one of our less tech-savvy employees who had just been set up for home office, they might even have succeeded. Since we’d just gotten a lot of people into the home office, there were indeed situations where tech support had called them to smooth out bumps, so this might have slipped past one or the other, especially if they were waiting for a call back from our real tech support anyway. The employees couldn’t do much since we had pretty sharp security systems in place, so it was unlikely that the scammers could log into our workstations remotely even if they got passwords. But still, they might have gotten sensitive information concerning our clients that way, and in the end, no system is foolproof.

I immediately got to work on a new process. After running it by our head of human resources, who agreed to it, I gave all our employees exact details they now had to request for verification.

Within the day, I had all divisions answering and agreeing to the new arrangement. Our data is very sensitive and data protection is taken seriously, so there’s no one complaining. We’re well used to double- or even triple-factor logins and strenuous verification processes anyway. 

No, you won’t get anything from us, scammers! Not on my watch.