Every once in a while, our office gets these calls from people who need just a little more information so they can send us that copier toner we ordered. Thing is, we didn’t order any toner, but these callers sound so convincing that it’s hard not to just go along. After all, they only need a name, or a number, or some bit of confirmation. I got a call yesterday from one that told me our rates were going to change, but they were going to send us one more toner at the old price. I nearly fell for it because she knew my name and the kind of copier we had, but I asked her to call back later, and in the meantime I checked out the price we are currently paying for toner and it didn’t match up.
I had a different caller today. This one needed the serial number from our fax machine.
Me: Why do you need that?
Liar: Well, we just wanted to confirm that you’re getting the right toner for that machine.
Me: We didn’t order any toner.
Liar: Oh, I know, but it’s for someone else in your department who’s using the same kind of machine.
Me: Hmm. Well, why don’t you give me your phone number and–
Liar: click <dial tone>
Ha! A small victory, but it felt good. I read a book not too long ago that is making me a little more wary about giving out any kind of information over the phone to people I don’t know: The art of deception: controlling the human element of security, by Kevin Mitnick. It’s pretty interesting what people can do after getting some small piece of information and using it later on to make themselves sound legitimate.