2024 kicks off with Data Privacy Week (January 21 – 27) and Identity Theft Awareness Week (January 29 – February 2) back-to-back. Fraudsters frequently use social engineering when perpetrating identity theft, data breaches, and other types of financial fraud.
As SVP, Technology and Support for ePayResources, one of my areas of responsibility is data security. The following social engineering scenarios are not uncommon but perhaps are something you and your coworkers have not encountered yet. Awareness is key to not falling prey to the clever criminals!
During the regular course of business, a team member receives a call from someone posing as the company’s printer vendor. The caller requests model numbers and other information on office printers or even home printers when employees work remotely. While this may seem like non-critical information, here’s how the follow up to these calls might go a week or month - or more - down the line:
Scenario 1: A “printer technician” shows up at the office or your home office and says, “Hi, I'm Bob from Printer Support, Inc. I'm here to work on your printer model ####. I spoke to [employee name] about it. We need to do some quick maintenance on the machine. Can you show me where it is?”
Unfortunately, giving someone access to work on a printer could give them access to your network long enough to begin the first steps towards a more serious breach.
Scenario 2: A technician from “our local printer support company” calls and says, “Good morning! We have a report that that printer model #### at your location is having trouble. We need to remotely access your computer to work on it.”
This is an even riskier scenario than the first!
The concepts that work to identify phishing emails can also help identify fraudulent phone calls and text messages:
- Are you expecting this phone call? If not, be suspicious and verify!
- Do you know the caller and can identify them by voice or context? If not, ask someone else to help you or call them back at a verified number.
- Do you notice anything odd or suspicious about their appearance, phone number, or even the words they use? If so, be suspicious and verify!
One of my favorite mottos from the security world is, “Never be in trouble alone.” If you think something suspicious is happening, ask a coworker, your manager, or your IT department. Make sure someone else knows what’s going on and can help you figure out what to do next. Even if the information requested does not seem important, it could be used to get a foot in the door to commit a significant breach.
Don’t go it alone! ePayResources is here to help you stay on top of the latest financial fraud and to keep it from impacting you and your institution. We encourage you to take advantage of these resources:
• Fraud Forum – our online member community specifically for the discussion of fraud topics and sharing of related resources.
• Fraud Reduction Meetings – in-person and virtual meetings held throughout the year for peer institutions and law enforcement personnel to share what fraud they are seeing and how they are addressing it.
• Fraud Spotting Certificate – one of the many fraud-related resources in our ePayU® online learning platform, the Fraud Spotting Certificate is awarded when you complete a series of videos from fraud detection expert Traci Brown and successfully complete the exam.
• Financial Crimes Symposium – our annual conference devoted to solution-based learning and networking for anyone concerned about fraud prevention and mitigation.
And of course, you can always ask ePayResources’ experts on the Payments Answerline™ at 800-475-0585, Option 1.