Learn how criminals are attempting to collect your sensitive information.
Recently, the FBI notified us about a pervasive information security threat that's causing considerable financial losses across the globe. We've learned that cybercriminals are conducting phone reconnaissance as an early exploratory step in staging more complex email fraud schemes. Perpetrators contact individuals and organizations by phone under false pretenses. They use manipulative methods to collect information that they use to carry out targeted email attacks on the individuals and businesses whose information they obtain.
It's important to understand these tactics so you don't unintentionally help cybercriminals and put others at risk when you answer a seemingly ordinary, but unsolicited, phone call at your home or workplace.
Predatory Phone Calls
These targeted attacks are known as business email compromise (BEC) schemes. According to the FBI, these schemes have cost U.S. victims more than $3.6 billion in fraud losses over the last five years. Perpetrators may call a company's customer service or help number and employ social engineering tactics like pressuring or rushing the person on the phone as they inquire about the business and seek to obtain other information like employee names and contact information.
Social engineering, as it relates to this type of threat, means psychologically manipulating people to share confidential information or to unknowingly perform actions that help cybercriminals carry out attacks. They use the information to more effectively impersonate a trusted sender. These personalized emails have a better chance of success because they contain details that make them appear legitimate and are less likely to raise suspicion until the damage is done.
Callers may impersonate someone, like a loan officer at a financial institution, who is seeking to verify employment information for someone who works at your company. In this example, an individual's coworker or manager could inadvertently provide information that's later used to stage a believable scam aimed at the employee in question. Individuals are vulnerable to the same risks when they receive unsolicited phone calls at home.
Although the information a caller asks for may seem harmless and non-sensitive, it's important to be aware that it can be used to build a convincing cyberattack.
Precautions for Avoiding Phone Scams
The FBI has requested that victims of these cyberattacks file a complaint with IC3, regardless of how much money is lost or when the incident occurred. File IC3 complaints at IC3.gov and include the following details (if applicable):
You'll be better prepared to guard against this persistent threat if you understand the tactics being used against you. Our Security Resources page provides additional information to help you reinforce your personal security. If you have any questions, please contact a BECU representative at 800.233.2328.