Phone Support or Maintenance Scam
Criminals may adopt names, accents, company names etc. to trick you into engaging and trusting that they have legitimate business reasons to contact you. This is known as social engineering.
Phone scams are sometimes used to deceive businesses into revealing company financial or security information or into transferring funds to the criminal.
These phone calls come out of the blue. One common method criminals use is to pose as your terminal or till maintenance or support company, offering to talk you through a procedure over the phone to “fix a problem” or load the latest software. In reality they talk you through making a refund to their card.
In other cases they may use this tactic to gain physical access to your business, in order to tamper with your terminals or PIN entry devices or computer system to infect it with malware.
Fraudsters sometimes pose as a company supplier, the Gardaí/Police, a bank staff member or a building society requesting company financial details in order to “investigate internal fraud”. They may pressure you to move money from your account to a “safe account” which of course belongs to the criminal.
Key Advice
- Be very wary of unsolicited phone calls. Never divulge company or personal information until you have validated that the caller is a genuine representative of the organisation they claim to represent.
- Take the callers’ number and advise them that you will call them back once you have validated their identity.
- Look up the organisation’s phone number (by using the phone book or their website) and make contact directly with them to validate.
- Do not validate the caller using a phone number they have given you (this could be a fake number).
- If the caller is genuine, they will understand and welcome your need to validate them.
- Remember that it takes two people to terminate a landline phone call, you can use a different phone line to independently check the callers identity.
- Never allow maintenance staff access to your payment terminals or tills unless you have independently verified their identity.