Cybercriminals use Caller ID Spoofing to mask their phone number when calling a target business so that they appear to be calling from a trusted contact, like your bank – are you prepared to defend against this tactic?
Most modern cybercrime tactics are based on technical vulnerabilities. Hackers force their way into a system by taking advantage of out of date software, unencrypted data, or an inadequate firewall.
Naturally, if you know your security software is patched and updated, and you know you have a reliable firewall and antivirus solution, then you must be safe, right?
An increasingly common cybercrime tactic today doesn’t rely on technical vulnerabilities at all. It relies on the assumptions you and your employees make every time the phone rings.
Cybercriminals use Caller ID Spoofing to hide the origin of a phone call placed to a target business like yours. Instead of displaying the number they’re calling from, they alter it to appear as though it’s another local business, a trusted business contact, or even a customer.
Often, cybercriminals will use this method to appear as though they are calling locally. Once the target has answered the phone, the cybercriminal will pose as a representative of the local bank, or insurance company, or as a creditor, and attempt to get sensitive information out of the target.
Let’s set the record straight: this isn’t just annoying, it’s illegal. In the US and many other countries around the world, there are laws preventing cybercriminals from falsifying caller ID information.
Worse is that a successful Caller ID Spoofing attempt on your business can have serious consequences. Whereas you and your employees would normally ignore such a phone call because of the unfamiliar Caller ID display, if a cybercriminal gets a member of your business to answer the phone, then they move on to a social engineering scam. Whether they pose as a representative from the bank or a staff member from a trusted third party vendor, it’s easier than you may think for them to convince their target to divulge important information, or even execute a task for them.
Sound a little farfetched? Then consider this case for example:
Several Xcel Energy business customers have recently reported that they have been targeted by scammers who are using software to make it appear that their calls are coming from Xcel Energy telephone numbers.
If your business receives a call that looks legitimate but sounds unusually aggressive, demanding, or threatening, hang up and call the Xcel Energy Business Solutions Center at 1-800-481-4700 (8:00 AM to 5:00 PM weekdays) to report it.
What are some red flags?
You can verify your account balance by logging into the Xcel My Account system or by using the Xcel Energy Mobile App.
So, what can you do about Caller ID Spoofing?
The best course of action is to do nothing. If you or an employee gets a phone call and the displayed number on the Caller ID doesn’t seem familiar, then simply let it go to voicemail. If it’s a truly urgent and legitimate call, then the caller will leave a voicemail, or get in touch with you another way, like email.
Furthermore, if you or one of your employees does answer the phone, be on the lookout for those red flags mentioned above. Don’t trust someone who calls and aggressively demands that you provide information, or make a payment immediately. Anything that important and that urgent can be verified in another way.
For example, you can always tell the caller that you’d like to confirm their identity by calling the number of the company they’re claiming to be from. That way, if they’re really calling from that company, it shouldn’t be an issue. If they argue with you on that point, then they’re probably spoofing the Caller ID.
Sound complicated? It can be, but the good news is that Insight Technologies will help. Our team of IT experts can ensure you and your employees are prepared to deal with a range of social engineering tactics, including Caller ID spoofing.
For more information about how to stop Caller ID Spoofing from harming your firm, reach out to the Insight Technologies team right away at (701) 775 – 5512 or firstname.lastname@example.org.