With millions of Americans falling victim to identity theft each year, it’s not a question of if an employee will suffer identity theft. It’s a question of when, and how disruptive it will be to your operations.
New Scam Targets Public-Facing Employees
Scammers are creative when it comes to exploiting their victims. This short post by the Internet Storm Center clearly explains a common scam used to trick real estate agents. The scammer poses as a potential buyer, then sends what appears to be a “mortgage pre-approval letter.” The “letter” may instead be a link that asks the agent to log in to their email account.
Once the scammer has access to the Realtor’s email, they can often obtain private information buyers and sellers share with their agent (which may even include bank information, as inadvisable as that is).
The lesson, though, applies to anyone whose business involves communicating with the public – sales agents, customer service representatives, small business owners, human resources, etc. As much as you want to be helpful, it pays to keep in mind that you don’t actually know who is on the other end of the conversation. Your job requires communicating with the public – it does not require trusting a stranger with private information.
Tips to Combat this Scam
- Keep your computer, and its software, up-to-date (most software can do this automatically). Many malware are stopped simply by patching the software vulnerability they exploit
- If the job requires opening email attachments, don’t click the “enable content” button in Microsoft Office. “Enable content” is short for “enable this attachment to run whatever malicious commands it wants on my computer.”
- If the job requires following links sent in email, don’t “log in” to a website provided as a link
- Set up multifactor authentication so a stolen password isn’t by itself enough to take over your accounts
- Set your home router or your personal devices to use a Domain Name Service such as OpenDNS, that prevents browsing to known malicious websites
While the current version of this scam targets real estate agents, these tips will go a long way to help people in all roles to protect their personal information.