Scammers are impersonating Europol with fraudulent phone calls in an attempt to steal personal and financial information, according to Kristina Ohr at Avast. The German Federal Criminal Police Office (Bundeskriminalamt, BKA) recently warned of this campaign as well.
“Two of our colleagues already received one of these calls,” Ohr says. “The first call was an automated greeting that said that their data had been stolen and that they should press number 1 to speak to a Europol employee. The colleagues were then connected to a real person. According to the BKA, a special technical procedure is used for the calls, which is why the recipients are shown a phone number that actually belongs to Europol or a German police station. Our colleagues, on the other hand, were called from regular cell phone numbers.”
One of Ohr’s colleagues received one of these scam calls and initially believed it was real.
“One colleague, who we’ll call ‘Sarah,’ received the call when she was on the road and distracted on a Saturday afternoon,” Ohr says. “She thought, ‘Europol is calling? It must be serious!’ The automated message at the beginning was credible and the woman on the phone sounded thoughtful. She even had answers for many of Sarah’s questions.”
Sarah added that the woman sounded sincere, which made the phone call even more convincing.
“Even more so, the way the lady spoke on the phone was believable and serious,” Sarah said. “Only after the conversation did I realize that she had asked me for my name at the beginning, which she should actually know if my identity had actually been stolen.”
Avast offers the following recommendations for users to avoid falling for these attacks:
- “Do not disclose your personal data on the phone and do not allow yourself to be pressured.
- “Do not give out your bank account or other payment information.
- “Remember that Europol has no authority to fine you or take any other criminal action against you. Just hang up.
- “If you have communicated your information or paid money, contact your local police and file a criminal complaint if necessary.”
New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for phishing attacks.