Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Phone Phishing Driving Me Crazy

Phone Phishing Driving Me Crazy

Phone Phishing Driving Me Crazy

For almost a week now our two helpdesks have been bombarded with calls by people with heavy accents using phony names like Jack Smith and Mike Rogers saying they are from different medical groups, hospitals, or banks asking for various employees. The thing is that they have a list of employee names and some titles, my guess is they got them off LinkedIn, and are simply asking to speak with them. When you ask who they are and where they are calling from they then ask for more information, usually does this person work there? what department is this person in? what department am i calling? etc.. I assume they are wanting to know if these people work here and will then sell it all on the black market. Is this a common phishing tactic? They come in on different numbers which i bet are spoofed, is there any way to stop these calls?

RE: Phone Phishing Driving Me Crazy

Long Range Tactical Nukes.

That'll fix it.

I used to be an ACE. Now I'm just an Arse.

RE: Phone Phishing Driving Me Crazy

Yes, this is a somewhat common phishing tactic. They are gathering data. For a big, long duration hack, you need to gather some intel on the company you're hacking. When they're asking about names and departments, and who works where, they are mapping out your organization. They should be asking for titles too, and maybe who reports to whom.

This kind of information adds a lot of weight to spear-phishing attacks. Attacker calls Secretary-A and tells her he reports to Name-B in Department-C, and he's doing a special project for Name-D, but he's having trouble accessing System-E. Can she just help him by ...

You see how it goes. If some unknown person calls Secretary-A and just asks outright for some information, or for her to do something, she probably won't do it. But, if there's a believable business story with recognizable names to accompany the request, many people will just go along and help the person. All that organizational knowledge lends a lot of credibility to a story. And most people will go out of their way to help a coworker, even one they've never met.

Even if they have names of people that no longer work there, that's useful information too. They can call and say that they were working with that person on something and they're having trouble getting ahold of them, is there someone else that can help. All of a sudden they are forwarded to the new person, with an implied vouching from the person that left.

I don't know what your business is, how big it is, or what your "assets" are that they might be interested in, but you do need to take these calls seriously. They are very targeted, and may lead to something worse happening..

RE: Phone Phishing Driving Me Crazy

Thank you for explaining it so clearly. Ill continue to tell people to just hang up on them.

RE: Phone Phishing Driving Me Crazy

Actually, I would probably do a little research on your side. Have them record the names used and the phone numbers they are coming from. If they aren't spoofed numbers, there may be a pattern or may point directly to where they are coming from. Don't assume they are spoofed.

Dates and times too. That can start to show patterns.

Even if you just end up with a list of phony names and spoofed numbers with dates and times, this could eventually be "evidence".

Even if you can't use this information directly, it doesn't hurt to have it.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close