10 Apr 2017
Phone scam affecting businesses and government organisations
New Zealand businesses and government organisations are currently being targeted by a phone scam, intended to trick the recipient into disclosing private details about the organisation. While CERT NZ does not investigate phone scams, we're highlighting this one as it may be a precursor to a broader cyber attack.
Scammers are calling businesses and government organisations, asking for personal and professional details about their staff, for example:
- does X work here?
- what's the name of your Finance manager?
- is X still your CEO?
This kind of information can be used to support a targeted marketing campaign or a spear phishing attack against an organisation. It's important to have trained staff who understand how to deal with calls like this, and practices in place for what to do if they get a suspicious call.
What to do
- Make sure your staff are aware of this scam.
- Remind them what information they can and can't give out over the phone - or provide training for them if they don't know.
- Ask them to query any suspicious requests, and report any calls they're unsure about.