News and Knowledge Base

Assist Business IT Blog

Telephone or Email Scams – Help Sheet

It is becoming increasingly common for scammers, marketeers and sales people to contact employees of companies in an attempt to extract information, gain sales or to gain access to the computers or servers within their business.

It is important that each employee is vigilant when contact is made – double checking information, taking notes (see below) and reporting all issues to the IT Department.

Never give access to your computer. If this is requested, it should always go through your IT Dept in order to maintain security of the company network.

Emails

Many scam emails will be designed to look like the emails that you receive from other companies that you commonly use – e.g. Paypal, QuickBooks or even your companies Bank.

Sometimes an email may be less a scam and more a dressed up way of a sales team drumming up business, this is often a marketing tactic for small companies who may already have a connection to your own.

  • When you receive an email, always check the email address that this is sent from, 9/10 times, a scam email will be from an address that is similar to the account in question but slightly different.
  • Pay attention to detail – look for spelling or grammar mistakes, scammers often leave these trademark clues.
  • Never click a link directly from the email, especially if you are unsure as to whether it is genuine. If you need to check an issue with an account, type the URL that you normally use in to your browser instead.
  • Often scam or sales emails will use scare tactics such as suggesting there may be a problem with one of your passwords or with your billing status.
  • If unsure, forward the email to your IT Dept who will be happy to take a look.

Telephone Calls

Telephone Scams will often pose as a person from a company that you trust, it may be a Partner Company, a Service that you use or again your Bank.

Sale teams of companies that you have a business relationship with may also use telephone marketing structures that are misleading, using the current partnership as a stepping stone.

  • Whilst on the telephone, take notes of everything that they are telling you, or asking.
  • Request the telephone number and email address of the person who has contacted you, ask them to read this out a 2ndtime.
  • Do not give out your personal information, company information or any passwords over the telephone. Advise that you will only do this once you have verified the caller and returned the call to their company. If you do call the company back, do not use the number that the caller has provided you, use the number that you would normally use or is listed on the company website.
  • Do not allow access to your computer. If the caller requests this, maybe by suggesting that they can show you a screenshot this way, decline and advise that this would need to be via the IT Dept. If they are persistent, advise that you do not have administrative access to the machine.
  • Often sales callers will use scare tactics such as suggesting there may be a problem with one of your passwords or with your billing status, even the marketing team for a company that you have a relationship with may do this.
  • If asked by the caller to visit a particular website whilst they are on the line, write down the URL that they are giving you but DO NOT visit the website.
  • Once the call is ended, contact your IT Dept immediately, providing all notes that you have taken during the call via email.

When it’s too late….

We all make mistakes, but we do need to act fast to ensure that minimal issues arise.

If you have accidentally clicked a link, allowed someone access, visited a scam website, given out info or anything that may pose a risk. It is important that you tell your manager AND the IT Dept immediately.

In some cases, there is also other immediate action which should be taken….

If you have allowed access to your computer

This could be either via remote software or by you clicking a link or accessing a potentially threatening website.

  • Your computer should be immediately disconnected from the network.
  • Unplug any network cables from your computer.
  • Turn off your computer and switch off the plug at the wall.
  • Get in touch with your IT Dept via telephone immediately.

If you have given out information

This is a little trickier as the solution depends on what information you may have released.

  • Contact your Manager immediately.
  • Get in touch with your IT Dept via telephone immediately.
  • If you feel that your specific machine may be affected, follow the steps listed above for ‘if you have allowed access to your computer’
  • If you feel that a specific account may have been compromised, where possible the login information should be changed for that account – this can be done with your manager or the IT Dept. It may also be necessary to contact the company involved e.g. if it is of a financial nature.