In 2021, an Ofcom study found that 45 million brits had been targeted by phone scams. A number set only to rise in 2022.
People devote a third of their waking time to mobile use, according to the BBC, spending an average of 4.8 hours a day on their phones.
That's a lot of time for your employees to be scammed. Especially as more and more people, with the rise of remote working, log into work accounts via their phone.
An estimated 67% of UK employees today, use their phones for work.
So, as a business owner, how can you ensure you keep yourself and your employees safe against scam calls?
The number one preventative method, like other forms of social engineering, is education. Educate yourself and your staff about how to detect phone scams and respond to them.
If you're searching for how do this, look no further. Here's our rundown at The Final Step of everything you need to know about phone scams.
What is a phone scam?
Phone scams are big money. Of phone scams which are calls, an estimated 64% come from countries that are different to those of the victim.
A global industry, the biggest scam call operations are located in South Asia (in particular, India), Eastern Europe (primarily Russia) and Western Africa (Primarily Liberia).
A phone scam is, put simply, a scam that takes place over your phone. They can take the form of calls or SMS text messages. Calls are likelier to come from abroad, and texts are likelier to originate from the country you are in.
Phone scams are an extremely easy and affordable method for cyber criminals to scam people. There are entire databases available online detailing the leaked phone numbers of thousands of random people. Most of them are completely unaware their numbers have been leaked online.
Auto dialers, which can send millions of robocalls to random numbers via shady operators only cost a few quid a day. And spoofing tools, which trick your phone's caller ID into displaying a genuine personal or corporate number to increase the likelihood you'll pick up, are highly accessible.
Scamming via SMS text can sometimes require the victim to do as little as click on a sent link to begin the scamming process. Scammers easily take advantage of large scale events, like the Covid vaccination process, to send convincing, authoritative texts.
Fake vaccination dates, texts about free boosters, have all been used to trick people into scams. In 2021, as scams surged during the pandemic, UK citizens lost more than £2.3 billion.
All phone scams, no matter if they are live or automated, will try to coerce you to give up your private information. They may pose as authoritative figures, from government agencies to representatives of familiar tech, travel, retail or financial companies. Some may even pose as representatives of your company.
This is growing more common as technology advances. Phone scammers are taking advantage of voice replication and AI technologies and specifically using them to spoof high ranking company officials.
We covered a real-life incident of this which occurred in 2019, where a CEO was tricked by a criminal who was using deep fake technologies to sound like his boss, into transferring $220,000 to the fraudster.
Other scammers will find ways to impersonate family and friends, to play on your trusted relationships.
Then, these scams will attempt to derive specific information from you, mainly your pin, address or account information.
Some phone scams will try to delight you into sending them private info and cash, telling you you’ve received a special prize or sudden inheritance money. Others will try to scare you, accusing you of not paying your taxes or having done something illegal.
Who do phone scams target?
Phone scams, both call and SMS can target absolutely anyone. The idea they exclusively go after your nan is a myth, though the elderly remain common targets for scam calls.
There are phone and SMS scams now specifically geared up to target children, as we use phones now from younger and younger ages.
What are some signs I’m being scammed?
- Unsolicited calls from people claiming to work for a government agency, public utility or major tech firm, like Microsoft or Apple. These companies and institutions will rarely call you unless they have first communicated by other means or you have contacted them. This is especially true for banks, like HSBC and NatWest, which specify this on their site.
- In general, being contacted by someone high up in an organisation who would normally not contact you/ email you for correspondence.
- Calls pitching products or services with terms that sound too good to be true. Like cash prizes, debt reduction and cheap travel packages.
- An automated sales call from a company you have not authorised to contact you. That’s an illegal robocall and almost certainly a scam. (Automated calls are permitted for some informational or non-commercial purposes — for example, from political campaigns or nonprofit groups like AARP.)
- Spelling, punctuation and grammar mistakes in texts. Texts about high profile emergencies that need you to act urgently coming out of the blue.
- The person on the other end sounding unnatural. Maybe they are speaking in an extremely casual way but posing as someone in a formal working position. Maybe they are speaking in an excessively emotive way for a serious business call. Nervousness and hesitation can also be signs.
Some scammers, however, are extremely competent and you will not get these tells. They will sound confident, believable and trustworthy. They will engage in dirty tricks like redirecting calls so your attempts to authenticate a call will be unsuccessful.
Like any kind of victimisation, it is never your fault if you are preyed upon by a scammer.
But there are ways we can all work together to make them less successful in their endeavours.
How can I protect myself and my organisation against phone scams?
The NCSC offer their advice on how to protect against phone scams, most of which mirrors our commonly held advice.
They also recommend that:
- if you receive a phone call and suspect it to be fraudulent, hang up (to check call back on a number from their official website or documents you've received in the past)
- if you are suspicious about an email, forward it to firstname.lastname@example.org
- if you are suspicious about a text message, forward it to the number 7726 (which is free of charge)
However, there are other ways you in your organisation can help protect against phone scams.
The most critical of which is employee training.
Your training should be more than just telling your employees the signs of a scam. You need to emphasise the consequences too. Often the best way to do this is through a story.
Sharing stories in order to teach is really powerful. They allow you to explore consequences and processes in ways that people are likelier to remember.
We have done this in previous years by showing our employees a scam incident reported by Radio 4's Money Box programme as an example. In it, one of their reporters was phoned by a scammer, and recording the call, he went along with it as if he was unaware of the scam.
This call is a pre-packaged form of training, as your employees will get to see how these scams typically operate and hear the input of a reporter who is well educated on the anatomy of phone scams.
Sharing one call to your employees one time, however, is not enough. You need to repeat your training and refresh it until it becomes part of the working culture. The call above remains a good resource you can return to and go over with your staff.
You finally need to follow this training up with rigid policies and expectations in your organisation that cover phone access and communication.
On a more general level, we recommend you always remember to shut the ‘GATE’ when taking a call. Which here means:
- Get Informed
Know the organisation’s policies for phone calls, and the ones present within your organisation.
- Always clarify
If a phone call seems at all out of the blue, or suspicious, clarify with an authoritative source outside of the call.
- Take precautions
Check to ensure your phone number hasn’t been verified as stolen on some sites. Take training about phone scams and cyber security. Ensure you have a system set up in your organisation to authenticate calls.
- Evaluate the situation.
Almost all cyber crime relies heavily on social engineering. The more you learn about phone scams and cyber crime in general, the better you will be at evaluating the situation you are in and establishing if a call is genuine. Always evaluate every call and text you receive with the information you have learned in mind.