Captain Kirk: Kirk to Enterprise.
Scotty: Scott here, sir.
Kirk: Beam me aboard.
Scotty: Aye sir. Queen to Queen's Level 3.
Kirk: I said beam me aboard!
Scotty: I said, Queen to Queen's Level 3.
Kirk: We have no time for chess problems, beam me aboard!
Scotty: I'm following your orders, Captain. Queen to Queen's Level 3.
Kirk: [Frustrated] Just testing…I'll be in touch with you later…
The above is an exchange from the original Star Trek episode, "Whom Gods Destroy". Fifty-year-old spoiler - it wasn't really Kirk trying to get to the Enterprise - and he was blocked by a simple challenge. I would welcome discussions about any science fiction show. I'm not exactly versed in Three-Dimensional Chess strategy, however, or in what the correct response is (by the way, it was "Queen to King's Level 1")…but that's not why I'm here.
Scams are a big problem on the Internet and social media, and still a problem with that "old" technology, the phone. Here are just two examples which came up recently:
- I answered a phone call from an unknown number. I don't usually, but I was expecting a call - and even if the caller had been identified, those numbers can be faked - and the person on the other end of the line said, "Grandpa?" Now, while I am technically old enough to be one, I am not, so obviously something was up. But this is a known scam - you answer, and they tell you they were in an accident and are in a hospital, so that is why they sound different, etc. They play on your panic and will ultimately ask you to pay some money to cover the medical bills or whatever. It's been around for a while but seems to have picked up again recently.
- In a business context, the Chief Financial Officer, HR person, or similar will be targeted specifically for scams. The two common ones are faked emails from the CEO or other similar level person asking for a wire transfer, or from an employee saying they changed banks/accounts and want to update their direct deposit info. They will attempt to explain away the use of the alternate email or phone number if questioned.
You should be seeing red flags already with these, but even if there is the possibility that they may be legitimate, a simple and effective means of verification in these situations is the "Challenge/Response". This is how Scotty knew not to beam up the imposter Kirk, and how you can know not to send money or even continue the conversation.
The Challenge/Response can be something agreed upon in advance, but it must be something that could not be easily researched by outsiders. You know those "Security Questions" you fill out in case you forget your password? They are the same thing, although a lot of the canned questions aren't very effective - which is why I don't necessarily answer them accurately, but with an answer I'll remember. So "Street you grew up on?" becomes "Yellow Brick Road". And no, that is not the real answer…nonsensical answers work even better, as long as they can be remembered.
In a family setting, it can be something simple about the household…"What color is the couch?", "What is the PIN code to the garage?" or similar. Maybe a couple of them to prevent guessing.
By setting up a challenge/response in advance, you can easily defeat these types of attacks. No company should be wiring millions of dollars without multiple methods of verification - but amazingly some still do. While technology such as email filters, call blockers, and more does a decent job, it is not perfect, and the scammers are always figuring out how to get around it. While the "human factor" is often considered the weak point in protection measures, it is possible to use the human factor to strengthen our ability to avoid scams.
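To show how the pre-agreed challenge/response idea above turns into a verification step a team could actually run (say, before a finance desk approves a wire or a direct-deposit change), here is an added Python example; it is not code from this post or from any product, and the questions, answers and the ChallengeBook/build_example_book names are constructed for illustration. It stores only salted hashes of the nonsensical answers, normalizes case and spacing so a legitimate caller is not rejected over a typo, requires more than one correct answer (the "couple of them to prevent guessing"), and locks out after a few failed rounds.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 100_000  # slow the hash down so guessing offline is expensive


def normalize(answer: str) -> str:
    """Fold Unicode form, case and whitespace so that 'Yellow Brick Road'
    and '  yellow  BRICK road ' compare equal."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for an answer; a fresh random salt is drawn
    when none is supplied, so identical answers never share a hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer).encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


class ChallengeBook:
    """A small set of pre-agreed challenge/response pairs.

    `required` answers must be correct in one round for the caller to pass;
    after `max_attempts` failed rounds every further round is refused until
    the book is reset out of band."""

    def __init__(self, required: int = 2, max_attempts: int = 3) -> None:
        self._challenges: Dict[str, Tuple[bytes, bytes]] = {}
        self.required = required
        self.max_attempts = max_attempts
        self.failed_rounds = 0

    def register(self, question: str, answer: str) -> None:
        # Only the salted hash is kept; the plaintext answer is discarded.
        self._challenges[question] = hash_answer(answer)

    def check_one(self, question: str, answer: str) -> bool:
        """Constant-time comparison of one answer against its stored hash."""
        stored = self._challenges.get(question)
        if stored is None:
            return False  # unknown question: never counts as correct
        salt, expected = stored
        _, got = hash_answer(answer, salt)
        return hmac.compare_digest(got, expected)

    def verify(self, responses: Dict[str, str]) -> bool:
        """One verification round: the caller supplies answers to the
        questions they were asked. Returns True only if enough are correct
        and the book is not locked out."""
        if self.failed_rounds >= self.max_attempts:
            return False
        correct = sum(1 for q, a in responses.items() if self.check_one(q, a))
        if correct >= self.required:
            self.failed_rounds = 0
            return True
        self.failed_rounds += 1
        return False


def build_example_book() -> ChallengeBook:
    """Constructed household book: two of three answers must be right."""
    book = ChallengeBook(required=2, max_attempts=3)
    book.register("What color is the couch?", "Yellow Brick Road")
    book.register("What is the PIN code to the garage?", "purple elephant")
    book.register("Street you grew up on?", "eleventy-seven moon base")
    return book


if __name__ == "__main__":
    book = build_example_book()
    caller = {
        "What color is the couch?": "yellow brick road",
        "What is the PIN code to the garage?": "Purple Elephant",
    }
    print("verified" if book.verify(caller) else "rejected")
```

The lockout is per book rather than per caller on purpose: a scammer working through a family or a finance team will try the same questions again, and a few failed rounds should stop the conversation, just as Scotty did, rather than hand out more guesses.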
If you would like assistance in ensuring your company is protected from scams, please contact us and we would be happy to help.