You may be aware of Steven Weisman, Esq. He writes a great daily blog called Scamicide, and is a is a nationally recognized identity theft expert, experienced university lecturer, proven lawyer specializing in elder law, and a seasoned author of nine books pertaining to identity theft, scams and financial planning.
I'm cross-posting his recent Scam of the day, as this is a very good one.
"In Romeo and Juliet, Shakespeare asked, “What’s in a name?” The answer, according to recent reports from the Better Business Bureau, is a scam if a business receives a telephone purportedly from the American Chamber of Commerce. Business owners and employees may confuse that name with the U.S. Chamber of Commerce.
There is no American Chamber of Commerce that operates in the United States although organizations with that name operate in foreign countries such as Australia and Ireland. The caller supposedly representing the American Chamber of Commerce explains in the call that they are updating the information about the company being called in the Chamber’s latest directory and they just need to confirm some basic company information such as company officers, phone numbers and other, what would appear to be, innocuous information. But it isn’t.
Once this information has been gathered the scammers use this information for more targeted spear phishing attacks against the company in a variety of scams including phony invoices and scams in which company employees are lured into clicking on malware infected links in emails that appear to be quite legitimate due to the large amounts of accurate and relevant information contained in the email.
Trust me, you can’t trust anyone. This motto of mine is valuable to businesses and individuals. Whenever you receive an email, text message or phone call, you can never be sure who actually is contacting you. In this particular scam, even if your Caller ID would make it appear that the caller is who they say they are, Caller ID can be fooled through a technique called spoofing to make it appear that it is a legitimate person or company calling when, in fact, it is a scammer contacting you.
Providing even what would appear to be unimportant information can be used by scammers to make their spear phishing more effective and believable including phony invoices sent to the proper person in a company. When it comes to invoices, nothing should be paid until the exact bill has been confirmed as being legitimate.
As for providing information in regard to a phone call, email or text message, the best thing to do is to refrain from providing it until you have confirmed not only that the inquiry is legitimate, but also that the company asking for the information, even if they are a real company, has a legitimate reason for having that information. Limiting the availability of too much information about you or your company will help protect you from scams and identity theft schemes."
Grateful acknowledgement to Mr. Weisman.
Related Pages: Spear Phishing