NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

With So Many Phishing Attacks, How Can You Tell What’s Real?

Earlier this morning, Ruben from Google was calling to check up on my Google Adwords account. Ruben introduced himself working in California at Google and had informed me that he had been analyzing my Adwords accounts and wanted to discuss some areas of improvement.

Then and there, I assumed that Google was trying to engage their clients. To give us some customer support simply to keep us in the know about their products and how to best leverage their services to get us more raving fans.

As Ruben continued from his introduction to his pitch, I realized that he did not sound like any of the other Google reps I’ve dealt with in the past. After the 3rd try of stopping his soliloquy about how inefficient our Adwords campaigns were and how he was, with our permission, going to optimize our website, did I conclude that Ruben did not work for Google at all.

When I finally was able to ask him which department in Google he worked, he simply told me that he wasn’t a part of Google at all. He was a Partner.

For all of you who don’t know what that means: a Google Partner is someone who spends a certain amount of money (either of their own or of their clients) with Google Adwords and has taken Google’s certification examinations.  They are in no way a part of Google’s organization and may or may not be credible when it comes to really trying to help your business.

In my conversation with Ruben, I was told that if I wanted to really optimize my website for Adwords or even organic search, I had to give him access to my accounts. Not simply share data from my account—typically when a professional wants to evaluate your Adwords or Analytics accounts, they will ask you to share read permissions with them—he wanted me to hand over my credentials.

Now I’ve been in this business too long to unsuspectingly hand over information. And when I hung up from the call, I thought—I hope all of my clients would do the same thing I just did. But then I was reminded that tens of thousands of phishing attacks attempt to penetrate businesses daily.

The unfortunate truth is that you can’t keep your doors open to strangers anymore. Even if we have the best intentions helping them, they might not have mutual intentions back. While Ruben may have been trying to help me, he deceptively poised himself as a representative of Google. When I called his bluff, he started morphing his story into something else that could be perceived as more believable.

So How Can You Really Tell Who Is Legitimate?

The truth is, it’s kind of difficult to take people at face value nowadays. Here are a few steps to help you verify whether to trust the person on the other end of the line:

Ask for details—most scammers try to sell you on vague ideas. My Adwords campaigns were “inefficient”. When I asked for which words were under-performing, it took him a minute to come up with some. And when he did, the words did not match any of my campaigns! If someone cannot give you some specific details (especially details that would be relatively hard to get ahold of unless they were really who they said they were), they likely are not legit.

Ask to call them back—if someone is trying to misrepresent themselves, they are definitely calling from the business they say they belong to. Call back a published number on the real website to make sure you are talking to a credible representative. I recently had received numerous calls from an investment firm asking to validate my personal information for security purposes. When I tried calling back the firm from their published number, I found out that no one had been looking to verify my account info. I definitely was glad that I hadn’t shared my information with the man that had initially called.

Be skeptical—I realize that skepticism is not in everyone’s nature and that it might sometimes come off as rude, but I’ve learned in securing information, we have to be skeptical. Ask questions. Don’t make assumptions that people trying to reach you always have your best intentions. There are so many people that DO want to help, but there are enough bad apples to make you want to look for worms. When dealing with emails or phone calls from people you’ve never met or from organizations you’re not familiar, err on being a little skeptical. The truth is: those organizations—banks, doctor’s offices, insurance companies—should appreciate that fact that you’re trying to protect your personal information rather than accidentally handing it over to an unintended thief.

The bottom line: It’s hard keeping your business data and personal information safe!

What can you do?

Get security training. The easiest door for criminals to breach is through your staff’s misjudgment. If they don’t suspect anything wrong with requests for credit card or personal information over email or from someone unexpectedly calling in to the office, you might be putting your business at risk. Contact me TODAY for a security plan to keep your business data safe and your team vigilant.

Comments are closed.