Phone Phishing Driving Me Crazy


ITNick

IS-IT--Management
Aug 31, 2016
US
For almost a week now our two helpdesks have been bombarded with calls by people with heavy accents using phony names like Jack Smith and Mike Rogers saying they are from different medical groups, hospitals, or banks asking for various employees. The thing is that they have a list of employee names and some titles, my guess is they got them off LinkedIn, and are simply asking to speak with them. When you ask who they are and where they are calling from, they then ask for more information, usually: does this person work there? What department is this person in? What department am I calling? etc. I assume they are wanting to know if these people work here and will then sell it all on the black market. Is this a common phishing tactic? They come in on different numbers, which I bet are spoofed. Is there any way to stop these calls?
 
Long Range Tactical Nukes.

That'll fix it.

-Austin
I used to be an ACE. Now I'm just an Arse.
 
Yes, this is a somewhat common phishing tactic. They are gathering data. For a big, long duration hack, you need to gather some intel on the company you're hacking. When they're asking about names and departments, and who works where, they are mapping out your organization. They should be asking for titles too, and maybe who reports to whom.

This kind of information adds a lot of weight to spear-phishing attacks. Attacker calls Secretary-A and tells her he reports to Name-B in Department-C, and he's doing a special project for Name-D, but he's having trouble accessing System-E. Can she just help him by ...

You see how it goes. If some unknown person calls Secretary-A and just asks outright for some information, or for her to do something, she probably won't do it. But, if there's a believable business story with recognizable names to accompany the request, many people will just go along and help the person. All that organizational knowledge lends a lot of credibility to a story. And most people will go out of their way to help a coworker, even one they've never met.

Even if they have names of people that no longer work there, that's useful information too. They can call and say that they were working with that person on something and they're having trouble getting ahold of them, is there someone else that can help. All of a sudden they are forwarded to the new person, with an implied vouching from the person that left.

I don't know what your business is, how big it is, or what your "assets" are that they might be interested in, but you do need to take these calls seriously. They are very targeted, and may lead to something worse happening.

 
Thank you for explaining it so clearly. I'll continue to tell people to just hang up on them.
 
Actually, I would probably do a little research on your side. Have them record the names used and the phone numbers they are coming from. If they aren't spoofed numbers, there may be a pattern or may point directly to where they are coming from. Don't assume they are spoofed.

Dates and times too. That can start to show patterns.

Even if you just end up with a list of phony names and spoofed numbers with dates and times, this could eventually be "evidence".

Even if you can't use this information directly, it doesn't hurt to have it.
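
The record-keeping suggested above, as an added example that is not part of the original posts: a short script that takes a helpdesk call log and pulls out repeat numbers, numbers that present more than one name, time-of-day clustering, and which employees are asked for most. The CSV column names and every sample row are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: the fields the thread suggests recording per call.
# Column names, numbers and targets are assumptions made for this example.
SAMPLE_LOG = """timestamp,caller_number,claimed_name,claimed_org,asked_for
2016-08-24 09:12,555-0101,Jack Smith,medical group,A. Example
2016-08-24 09:40,555-0102,Mike Rogers,bank,B. Example
2016-08-25 09:05,555-0101,Mike Rogers,hospital,A. Example
2016-08-25 14:30,555-0103,Jack Smith,bank,C. Example
2016-08-26 09:20,555-0101,Jack Smith,medical group,B. Example
"""


def load_calls(text):
    """Parse the CSV log into dicts, converting 'timestamp' to a datetime."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        row = {key: value.strip() for key, value in row.items()}
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M")
        calls.append(row)
    return calls


def summarize(calls):
    """Return the repeats and clusters that can show a pattern over time."""
    per_number = Counter(c["caller_number"] for c in calls)
    names_by_number = defaultdict(set)
    for c in calls:
        names_by_number[c["caller_number"]].add(c["claimed_name"])
    return {
        # Numbers seen more than once (the thread: don't assume they are spoofed).
        "repeat_numbers": {n: k for n, k in per_number.items() if k > 1},
        # One number presenting several claimed identities.
        "multi_name_numbers": {n: sorted(v) for n, v in names_by_number.items()
                               if len(v) > 1},
        # Calls per hour of day, to show when the callers are active.
        "calls_by_hour": dict(Counter(c["timestamp"].hour for c in calls)),
        # Employees asked for, most frequent first.
        "targets": Counter(c["asked_for"] for c in calls).most_common(),
    }


if __name__ == "__main__":
    for key, value in summarize(load_calls(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```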

 