An often used trick to obtain useful information about a company is to call or e-mail their employees and trick information out of them. Most of them will provide you a trustworthy story that will almost make your feel appealed to help out the other person.
What you need to realize is that many tricks are based on human psychology, things and ways how we react as normal human beings mixed with some decent sales techniques a sales department could be jealous off.
A couple of warning signs to keep in mind when dealing with such calls:
- You don’t know personally the other person.
- The person calls from an unknown / unrealistic / hidden number.
- The other person asks for information you might not be ready to give out normally but the ‘ease’ and pace of the call will make you divulge some details very quickly.
- Realizing you’re tricked half way through is still better then only realizing it after the call.
- Once you realize you’re steered or pushed in a certain direction you can realize quite quickly that you’re tricked, many people develop quickly a sense for such scamming and hang up as soon as 5 seconds after the start of the call.
Just end the call
Collect as much information as you can about the call, time, date and CallerID if available. Don’t start a discussion with the other side accusing them. They know very well they’re doing something illegal and you’re wasting time.
I worked for a global company with head offices in North America. It happened at regular intervals that someone called the IT department in our country for a password reset of the account of the CEO with some excuse of him traveling and loosing access to his credentials and cell phone.
If you’re not sure about the risks your company runs due to the way the phone call went you can always contact your local IT or local IT Security department to ask them for guidance. They will ask you for details like numbers, topic, date & time. They will also ask you what kind of information you provided and might be able to take counter measures to avoid running bigger risks.
If you have to choose between two bad scenario’s, you’re in general better of picking the ‘least bad’ and try to do damage control. Most of the time your IT department or IT Security department will be aware of such issues and have already taken counter measures beforehand.
Recent Comments