In 2021, an Ofcom study found that 45 million brits had been targeted by phone scams. A number set only to rise in 2022.
People devote a third of their waking time to mobile use, according to the BBC, spending an average of 4.8 hours a day on their phones.
That's a lot of time for your employees to be scammed. Especially as more and more people, with the rise of remote working, log into work accounts via their phone.
An estimated 67% of UK employees today, use their phones for work.
So, as a business owner, how can you ensure you keep yourself and your employees safe against scam calls?
The number one preventative method, like other forms of social engineering, is education. Educate yourself and your staff about how to detect phone scams and respond to them.
If you're searching for how do this, look no further. Here's our rundown at The Final Step of everything you need to know about phone scams.
Phone scams are big money. Of phone scams which are calls, an estimated 64% come from countries that are different to those of the victim.
A global industry, the biggest scam call operations are located in South Asia (in particular, India), Eastern Europe (primarily Russia) and Western Africa (Primarily Liberia).
A phone scam is, put simply, a scam that takes place over your phone. They can take the form of calls or SMS text messages. Calls are likelier to come from abroad, and texts are likelier to originate from the country you are in.
Phone scams are an extremely easy and affordable method for cyber criminals to scam people. There are entire databases available online detailing the leaked phone numbers of thousands of random people. Most of them are completely unaware their numbers have been leaked online.
Auto dialers, which can send millions of robocalls to random numbers via shady operators only cost a few quid a day. And spoofing tools, which trick your phone's caller ID into displaying a genuine personal or corporate number to increase the likelihood you'll pick up, are highly accessible.
Scamming via SMS text can sometimes require the victim to do as little as click on a sent link to begin the scamming process. Scammers easily take advantage of large scale events, like the Covid vaccination process, to send convincing, authoritative texts.
Fake vaccination dates, texts about free boosters, have all been used to trick people into scams. In 2021, as scams surged during the pandemic, UK citizens lost more than £2.3 billion.
All phone scams, no matter if they are live or automated, will try to coerce you to give up your private information. They may pose as authoritative figures, from government agencies to representatives of familiar tech, travel, retail or financial companies. Some may even pose as representatives of your company.
This is growing more common as technology advances. Phone scammers are taking advantage of voice replication and AI technologies and specifically using them to spoof high ranking company officials.
We covered a real-life incident of this which occurred in 2019, where a CEO was tricked by a criminal who was using deep fake technologies to sound like his boss, into transferring $220,000 to the fraudster.
Other scammers will find ways to impersonate family and friends, to play on your trusted relationships.
Then, these scams will attempt to derive specific information from you, mainly your pin, address or account information.
Some phone scams will try to delight you into sending them private info and cash, telling you you’ve received a special prize or sudden inheritance money. Others will try to scare you, accusing you of not paying your taxes or having done something illegal.
Phone scams, both call and SMS can target absolutely anyone. The idea they exclusively go after your nan is a myth, though the elderly remain common targets for scam calls.
There are phone and SMS scams now specifically geared up to target children, as we use phones now from younger and younger ages.
Some scammers, however, are extremely competent and you will not get these tells. They will sound confident, believable and trustworthy. They will engage in dirty tricks like redirecting calls so your attempts to authenticate a call will be unsuccessful.
Like any kind of victimisation, it is never your fault if you are preyed upon by a scammer.
But there are ways we can all work together to make them less successful in their endeavours.
The NCSC offer their advice on how to protect against phone scams, most of which mirrors our commonly held advice.
They also recommend that:
However, there are other ways you in your organisation can help protect against phone scams.
The most critical of which is employee training.
Your training should be more than just telling your employees the signs of a scam. You need to emphasise the consequences too. Often the best way to do this is through a story.
Sharing stories in order to teach is really powerful. They allow you to explore consequences and processes in ways that people are likelier to remember.
We have done this in previous years by showing our employees a scam incident reported by Radio 4's Money Box programme as an example. In it, one of their reporters was phoned by a scammer, and recording the call, he went along with it as if he was unaware of the scam.
This call is a pre-packaged form of training, as your employees will get to see how these scams typically operate and hear the input of a reporter who is well educated on the anatomy of phone scams.
Sharing one call to your employees one time, however, is not enough. You need to repeat your training and refresh it until it becomes part of the working culture. The call above remains a good resource you can return to and go over with your staff.
You finally need to follow this training up with rigid policies and expectations in your organisation that cover phone access and communication.
On a more general level, we recommend you always remember to shut the ‘GATE’ when taking a call. Which here means:
Know the organisation’s policies for phone calls, and the ones present within your organisation.
If a phone call seems at all out of the blue, or suspicious, clarify with an authoritative source outside of the call.
Check to ensure your phone number hasn’t been verified as stolen on some sites. Take training about phone scams and cyber security. Ensure you have a system set up in your organisation to authenticate calls.
Almost all cyber crime relies heavily on social engineering. The more you learn about phone scams and cyber crime in general, the better you will be at evaluating the situation you are in and establishing if a call is genuine. Always evaluate every call and text you receive with the information you have learned in mind.