More and more companies are training their employees on how to spot scammers attempting to phish or spear phish information from them. Likewise, they are also posting scam alerts to their customers. It can be tedious at times, especially if it involves repetitious workplace training and employees may begin to resent it.
Perhaps customers resent it too; and yet the problem is a persistent one. We tend to take much for granted when it comes to the organizations we do business with. As employees, we can make assumptions regarding online safety, the safety of a network, the safety of information visible on a computer screen in a work space.
We assume that incoming callers are who they claim to be; be they calling our workplace, our home landline, or our cell phone. Most of us know not to trust spam email on our personal accounts but the phone? For many people the phone is still very much a learning curve. Pay attention to the alerts; take employers up on that training.
Many of these scams work because people generally know themselves to be reasonable, rational, intelligent human beings. They are accustomed to dealing with other people much like themselves. They assume that because they don’t generally act in deceitful ways, that others do not act in such ways either.
This self perception is an exploitable weakness; it is an Achilles heel.
We assume because we are smart we can’t be fooled. Some of us are also vain; about our intelligence, our ability, our competence, our successes in life, that we become blind to the possibility of being exploited, especially for information. And the scammers know this. They know human nature. They know that we are conditioned to certain responses.
Like responding to others we perceive to have authority with obedience and compliance. We are conditioned to respond quickly, to yield unquestioningly. Sometimes we are so conditioned that we respond before our brains engage and we remember certain factual details, for instance, that the Federal Bureau of Investigation does not do debt collection.
Or that utility companies don’t insist on specific types of payments such as wire transfers, prepaid gift cards, reload cards, or cryptocurrency. Utility companies and banks will not ever ask you for personal banking information in email or over the phone. If you get a call and someone asks you for such information and demands you pay, hang up.
Look up the company’s number on your bill, in the phone book, or on the company’s website and call them directly. They will ask you to verify your identity and this is fair because they do need to verify a match between the caller and the account. You be sure of the legitimacy of the number you are calling and you will get the real company.
Not the scammer.
Today I am thankful for all of those nameless cybersecurity experts that put up all of those cybersecurity tips and fraud alerts across the public and private sector, U.S.- CERT, the Federal Trade Commission (FTC) and the FBI. Never resent those reminders. They are there to help us override our conditioned responses, to be more vigilant and suspicious.
For more information: