For almost as long as phones have been easily accessible, scam calls have existed. Successful scams using phone calls were first reported as early as the 70s, with their incidence rate gradually increasing throughout the 1980s and 90s. The early 2000s saw a rise in robocalls with the increased prevalence of cell phones, and some of the first tech support scam phone calls were reported in 2008. Around this time, scammers started cold calling their victims pretending to be tech support from popular companies like Microsoft or Dell, a tactic that can still be seen occasionally today. During these calls, the scammers would claim that a problem was detected with the victim’s computer and would either trick them into handing over access to their devices and accounts or convince them to pay for a solution to the nonexistent problem.
This scam has evolved over time and scammers make fraudulent calls pretending to be many different kinds of people today. With AI, scammers can even change their voice to impersonate people in a more convincing way. Anyone can be the target of a fraudulent phone call, and many people avoid answering calls from unknown numbers for this very reason. However, at work you might receive calls from unknown numbers all the time, making these fraudulent calls a little harder to spot. Plus, scammers are figuring out more and more sophisticated ways to attack employees, often using specific details from your workday that allow them to go undetected.
Since there are so many platforms, programs, and applications that are built for use in a work setting like Microsoft Teams or Zoom, these programs become the disguise that many scammers use when targeting employees. Salesforce is one of these programs, and it has recently been used in a phone scam campaign. One scam group in particular has been seen using voice phishing attacks to trick employees into granting them access to their Salesforce data by posing as tech support for the program. This attack relies solely on social engineering tactics and has seen notable success over the past several months. If you ever receive an unsolicited phone call from an individual claiming to be a tech support employee, you should end the phone call without giving them any information or access. If you are concerned about a program or device, you can call its tech support directnly using a trusted number. You can also consult with a trusted IT company.
Just like with phishing emails, it is important to verify who is on the other end of a conversation before granting them access to anything or sending them money. Scammers may also pose as representatives from third-party vendors that your company uses or even as other employees from your company, making these fraudulent phone calls even harder to spot. You can use the same strategy of hanging up and calling back a trusted number in these scenarios. It is important to always be wary of releasing any sensitive data or sending any money over the phone or internet. Although steps can be taken to protect your data, little can be done to prevent an attack if the information is handed over willingly.
Read our previous post here: New Scam Uses AI Chatbot Grok
