From IL Retail Merchants Association
April 13, 2015
Please be cautious of a fraudulent company currently targeting small and mid-level retailers with online shopping capabilities. Recent reports detail phone calls made to businesses inquiring about analytic services. These calls are part of a large-scale financial breach directed towards retailers and their customers.
What to look for: The caller disguises himself as a newly established company offering services to analyze a retailer’s shopping cart traffic in order to produce a “valuable” report that can increase web-based revenue.
The risk: After granting access to the business’ ecommerce information, the hacker steals the financial data from both the business and customers.
Tips to identifying a social engineering scammer:
If you or your employees are unsure of the callers intent, take extra steps to verify them!
- Have someone technical request additional information from them rather than allow your membership/ sales person to discuss. They will not be able to answer technical questions about their product.
- Look at the hacker’s website. It will appear very simple or poorly constructed.
- Ask for their address. You should be suspicious if their only available business address is a P.O. Box.
- They may claim to be doing business only in your state and give you the name of a local city. Try quizzing them about the local area through engaging conversation; they will not be able to name nearby cities or know relevant information.
- Ask if they can provide a portfolio or a list of their previously serviced companies.
- Be aware if they use a Google Voice phone number or a recycled/disposable cell phone number. (An internet reverse phone search can provide this information)
- Ask to call them back. They typically do not answer the phone when you call them back. They need to be able to call you back, so they can prepare and gather your target file for the scam.
- They may have a foreign accent and sound like they are reading from a script.