Get Started Today!  732-747-9373   

Fotolia 68929807 M new

DeckerWright Corporation Blog

2 minutes reading time (470 words)

Social Engineering: Call Centers

The past several years have seen an explosion in the use of call centers by cyber criminals to attack business clients. The call center representatives disguise themselves as being from a trusted vendor (e.g., Microsoft) or from the government (e.g., the IRS). These attacks attempt to trick the person answering the call to share login credentials or other personal information in order to initiate a cyber-attack. In the past, these fake calls were easily identifiable by the poor English spoken by the call center representative. Currently, call center representatives are either domestic or speak perfect English. The high profits generated by these calls raise what the cyber-criminals are able pay, resulting in a better call center employee.

How do the cyber-criminals do it? Cyber-criminals use the same technology employed by those annoying telemarketers that you can’t stop. They begin by compiling a list of potential phone numbers to dial with the desired demographic (see Blog "Social Engineering: Marketing...Get the List").

Once the list is in hand, the criminals work on a script to trick the person receiving the call into taking actions they wouldn’t normally take. The advent of host Voice Over Internet Protocol (VOIP) call center systems has allowed cyber-criminals to put call centers offshore while using local phone numbers. Phone numbers can also be “spoofed” so that the phone number appearing on the caller ID appears to be a local number. By the use of call center and VOIP technology, the cyber-criminals are able to quickly and cheaply build call centers around the world. The VOIP technology effectively circumvents long distance phone charges, making the call center calls virtually free from anywhere in the world.

Here are some tips for spotting and preventing the loss of data to cyber-criminal call center employees:

  • Check the caller ID to see if it appears valid.
  • Be suspicious of any call received from an entity you don't normally do business with.
  • Ask questions - if it doesn't seem right, it probably isn't.
  • Most government agencies aren't going to call you, so politely get off the phone.
  • Technology companies, like Microsoft, will NEVER call you unless you have an open case or issue with them.
  • Get a call back number and ask to call them back. Compare that number with phone numbers you have on file for that vendor, or numbers listed on the Internet. All credit cards have customer service numbers printed on the back.
  • NEVER load software recommended by one of these callers onto your computer.
  • NEVER share personal information like social security number or credit card information with one of these callers.

The use of call centers for attacks is a growth business for cyber-criminals. Well documented successful business plans, easy to use and setup technology, plenty of people world-wide that need jobs, and poor law enforcement make call centers an attractive business for cyber-criminals.

Click HERE for more information.

Latest Blog

Just when we thought the tide of ransomware attacks was ebbing, we have seen a spike in attacks recently.  In the past month, we were contacted by three companies seeking out help in addressing ransomware attacks.  In keeping with our policies to only work with cli...

Account Login