Hackers are masquerading as BT support staff to worm their way into your network. Here's what you need to look out for.
We have had a number of instances this week of scammers calling our customers masquerading as BT support staff.
Here's the play-by-play:
The scammer claims that your IP has been made public and you are vulnerable to attack. They say they need to help protect you from fraudsters accessing your systems by privatising your IP address.
The thing is, BT is a huge company. They are one of our strategic partners and we really rate their products and services. The fact that we do partner with BT somewhat makes the scam believable to our customers, but the idea that BT is ringing their millions of customers directly in relation to an issue like this is very unlikely.
Once the fraudster has your attention, they send you a link that looks like a BT web page. A quick scan of the URL might alert you to the fact that it resembles a BT URL but is not one. If you comply with their requests, they will end up installing software on your computer which can give them full control of your system. This is a big problem, as once they are inside your system they could:
Copy your private data to their servers
Encrypt your data and ransom you for its return.
Extort money from you if they find data on your system that you would rather keep private.
Transfer money out of your bank account depending on what they gain access to on your computer.
Why are we saying all of this? Well, as they say, forewarned is forearmed! Knowing that this scam is doing the rounds can help staff feel more confident about just putting the phone down.
Here are a few things to check:
Ensure that you have removed admin rights from staff so that hackers can do very little if they get in. Bonus points if you check out our latest video on this.
Consider enrolling in end-user awareness training to ensure staff are well prepared for eventualities like this.
Ensure you have multi-factor authentication and compliant device enabled on your organisational security to make breaches as difficult as possible to execute (Hint: keep an eye on our social media for upcoming videos on these topics).
If any of this sounds like gobbledegook, call your account manager and ask for some help. They have fantastic technical capabilities and will be able to examine your configuration inside the Nitec Portal to check your compliance.
And remember, if in doubt, always, always double-check. It's always best to put down the phone and call back on a trusted contact number - or once again, check with Nitec and we can look into it.
