The other day I received a call from a VP at Microsoft USA. The gentleman said I should be very concerned that my computer was out of warranty.
The “VP” went on to say that I should connect to their mainframe to ensure it was working properly.
My answer: “I’m not an idiot. I know you’re not from Microsoft.”He continued the charade, and I said something like, “I think you should give me your social security number and all your personal information.”The “Microsoft” gentleman then instructed me to stick a body part in a place I don’t think it can anatomically go.
I also recently got a text from my bank (from an 888 number) to change my banking password. I was physically at the bank at the time, and my banker and I had a giggle. We took a screenshot and shook our heads.
Over the last 45 days, I have received an email request from every single one of my employees from a Gmail account requesting to change their direct deposit.
In the past month, many of my employees received a text message from a cell phone number that isn’t mine that starts with a how are you? Its Eileen Levitt. Can you do me a favor? I’m in a meeting. And when they answer, they are then asked to buy me $2,000 of e-gift cards to be sent to some random email address.
For what it is worth, Microsoft will never call you directly, your bank does not use 888 numbers (they are almost always 4-digit numbers), employees may email you about direct deposit (but not likely from a random Gmail account), and Eileen Levitt will never ask you to buy her gift cards from a cell phone number that isn’t hers.
We live in a world where scammers are everywhere, and we cannot trust anything.
So what do we do?
Trust, but verify. When we receive a request from an employee/vendor/client that we don’t recognize or appears to be financially related, call that employee/vendor/client to verify it came from them. Even if the information seems benign (aka, mortgage application, verification of employment), if it is something signed by the employee, match the signature. If it isn’t signed, request a signature and then call the employee/vendor/client at a number you have on file (not the one provided) and verify that the request is legitimate.
Long story short, don’t trust anything from anyone asking for something that can or may involve money or sensitive information (social security numbers), and do not respond to that text, email, etc., as it will confirm that the scammer has the correct information.
HR is no joke, either. Don’t be fooled. For the real deal, contact us.