identify a Possible Scam
Scams

How to Identify a Possible Scam Phone Call

Marty Tatro
by August 9, 2022
Short on time? Listen instead.

“Hello! My name is ‘John Doe,’ and I am calling from Tech Support. Your computer notified us that there might be a problem or malware on your computer, so we are reaching out to help you fix it. May I have your name?”

Have you ever received a phone call, or perhaps a pop-up message on your system, that purports to be from some tech support company or even an operating system provider like Microsoft? Did you wonder at the time whether it might be a scam? If you did, then good for you! It most likely was a scammer trying to gain access to your system and information using what is sometimes called a “Vishing” attack. This is an attack that uses your concerns over the safety and usability of your system to gain access with your unknowing assistance.

What Happened

Social engineering is a term used to describe various methods used to gather information in order for someone to gain access to systems, information, or even physical sites. There are many types of social engineering, but today we will talk about phone calls and pop-ups, as they can be some of the most common attacks.

Identifying an attack of this sort can sometimes be a bit daunting, especially when the attacker or their proxy is well-versed and knowledgeable about YOU! 

For instance, some specifically targeted attacks are begun days or months prior to you receiving that message. The attacker will start by researching you and your compatriots, perhaps discovering where you work, what you do, where you live, members of your family and work team, etc. This information is then put together to create a script specifically catered toward making you believe what they are saying when they reach out to you. This is the less common form of this attack, but it does happen.

It is more common for an attacker to “blast” out these types of messages and attacks by just hitting up random people or to use a spammer that targets unprotected systems or systems that don’t have anti-malware protection on them. 

One thing to remember when you or someone you know receives this type of communication is that it is very likely the scammer has not put in the effort to dig deeper into finding out who and what you are. You are that random person who just happens to answer an unknown number coming in or who clicks on the pop-up window to find out what is happening. You are a target of opportunity.

So what are some ways you can figure out whether someone is trying to scam you on the phone? Well, let’s take a look at a few of the easiest.

Asking questions can provide an avenue to discovery. Ask questions like:

  • What is your name?
  • Who do you work for?
  • Where are you located?
  • How did you get my information to call me?
  • What exactly is the problem you were notified about?
  • What phone number can I call you directly back at if this call gets disconnected?
  • Is there a support case number I can refer to in the future?

Each of these questions is designed specifically to do two things:

  1. Put the person on the other end of the call on notice that you aren’t just going to accept what they say as fact or truthful.
  2. Make the person on the other end a bit less secure in their assumptions that you will be an easy target.

The questions you ask to provide more information about the caller and who they work for if they answer them. They provide you an out if you feel the call is a scam. You can always respond by telling them, “Thank you for calling, but I don’t have the time to deal with this right now so I will call you back at the number you gave me when I do.” If they even gave you the information about a return call number, they will have no problem (if they are a real tech support person) with you calling back.

If you are still unsure, ask more questions!!!

Do not let the person on the other end of the call push you to do anything! They are banking (literally) on you getting flustered and just letting them do what they want to, which is where they make their money or meet their goals.

Prior to getting a call or message like this, you can prepare for the eventuality that you might. Preparation makes it easier for you to control the situation and ensure you aren’t taken advantage of.

Some preparation measures could be:

  • Know who you or your organization contracts with for support.
  • Have the support number written down somewhere you can access it quickly, and verify if you get a call.
  • Does your support service call, or do they just fix problems automatically using remote services or provisions? 
  • Remember to NEVER give out information about your login credentials, system, or network! Support services will already have access to everything they need in most cases, and they will never need your credentials. EVER. 

How will this Affect You?

Being a target for any type of scam or attack is sometimes scary and off-putting, so know that you are not alone. Millions of people and organizations are attacked every year.

If you are attacked and don’t catch it before the attack goals are met, inform someone immediately of the problem. 

  • Call your organization’s support line and notify them of a potential breach. Give them as much information as you can provide, such as the date and time of the initial communication, any information about the caller or company they said they worked for that you might have been able to obtain, and most importantly, what you said and did that might have allowed them to continue the attack on your computer.
  • If you are scammed at home, notify the authorities. The FBI has scam reporting for online attacks HERE. You may also want to contact your local law enforcement.
  • If you are a health care provider, insurer, or business associate of one, then you may need to report the problem to the Department of Health and Human Services. Check with your legal team or advisor on how this can be accomplished.

Most importantly, don’t try to fix the issue or remediate the scam on your own. This can be more troublesome, or even cause legal issues for you. Use appropriate support and legal services to resolve the problem.

What should you do

Knowledge is the key here. Know who provides services for you at home and at work. Know how those services are obtained, and what to do if you need them.

Understand that you aren’t going to be able to always catch every scam or threat, but your knowledge of how these attacks are accomplished will help you greatly reduce the risk. Take the time to ask questions, get answers, and know how to ensure you are speaking to an authorized support or technical support person. Don’t let anyone push you to do something you aren’t absolutely sure is right.

Northstarr Recommendations 

As a worker or just a computer user, it is paramount that you understand how you might be attacked by online and phone scammers. Knowing what they are looking for and how they will try to get it from you is a great way to avoid becoming a statistic.

Northstarr System Solutions can provide you with that knowledge via our training and expertise. Providing you with call-taking solutions and network protection from scammers and threats is what we do, so let us help you!

To find out more about how we can help, visit our website or give us a call at (888) 767-2210 to set up an appointment.  We look forward to meeting with you!