Wednesday, March 26, 2014

Phone Fraud Flavor of the Month: 2014's IRS Scam

I spent a little time this morning reading about that new IRS scam that’s running rampant during the 2014 tax season. You know the one—you can read all about it here. It’s the one where social engineers claiming to be IRS officials bully people into offering sensitive information through threatening phone calls.

Actually, that doesn’t sound so new, does it?

That’s because it’s not. It’s the same pretexting technique that scammers have been using for years. Even though each year (or each tax season or election or Olympic Games or world relief effort) brings a new wrinkle to the scam, there is nothing new here, folks. It’s just another example of how thieves try to steal sensitive information from regular people. Every. Single. Day.

The possibility of daily threats demands constant vigilance—and you are raising your awareness just by reading this. But maybe it’s time for a little refresher on the best ways to handle any social engineer who comes calling.

Don’t take a phone attack personally.

Social engineers can use almost any piece of information to build or carry out an attack—and they may play on your emotions to get it.

If you get the call at work, remember this: strictly following company policies in any emotionally charged situation may be your best defense.

If the call comes at home or on your mobile device, then remember this: it’s OK to be rude to a thief. If the signs are there and your red flags go up, do not let them in your head. Just hang up. This is particularly good advice for folks who may be receiving calls from this year’s batch of pushy IRS imposters. Threats and demands from unsolicited callers should never be taken seriously.

Don’t get cocky with a social engineer.

Social engineers are masters at preying on a target’s ego—and the person who is most sure of his or her security is often the easiest to “get.” If you suspect that you are speaking with a social engineer, don’t run off at the mouth or try to make them feel bad about what they’re doing. First of all, it won’t work. And second, you might let slip some small, innocuous piece of information they can actually use against you.

Know the signs of a fraudulent call.

Maybe above all, be aware of the signs of a pretext call.

  • Was the call unsolicited?
  • Is the caller asking outright for any type of personal information?
  • Is the caller leading you along towards personal information?
  • Is the caller overly chatty or overly aggressive?
  • Does the caller sound nervous or distracted?

An affirmative to one or more of these questions is definitely a red flag. Don’t be THAT guy. The low-hanging fruit. The guy that falls for it. Protect yourself.