I've been sharing this discussion with my husband because he has been involved in Security angles of his profession in various degrees (I.T., disaster preparedness and business continuity, and so on) for years now and finds this sort of thing interesting.

I, also, as some of you have expressed, find myself amazed that such tactics are used as we have seen described in today's discussion, because it seems so obvious that simply asking for the fax in question or asking for the details or for that matter saying, "Why yes, let me transfer you to our attorney right now, just one moment," (and see if they can hang up before you complete the transfer button-pushing!; if not, let them stammer their way through getting off the phone with the attorney---if you even knew how to transfer them to said individual; if not, I might say I was transferring them to the attorney but really transfer them to in-house security or some such) would stop the whole thing in its tracks . . . but my husband just remarked to me about why such "social engineering" (as he has called it for years; that or "social hacking") tactics do succeed:

"As crazy as it sounds, large institutions are still vulnerable to this simplistic attack. Meek receptionists or students manning phones on the front lines are easily cowed by this attack (unless properly trained - a generally lacking component). Then the invoice comes into an overburdened Accounts Payable department which in my experience will immediately pay invoices under a certain amount (~$1,000) and find out more about it later. (When it's too late.) This is the kind of situation these scam artists are counting on. Unfortunately they are more successful than not. Security Awareness is NOT just about IT - with viruses, worms, etc. It will teach people, especially those on the front lines taking these kinds of calls, what they need to know to properly handle them."

Rick Anderson's book probably addresses that very thing for that very reason.
-----Original Message-----
From: SERIALST: Serials in Libraries Discussion Forum on behalf of P V Picerno
Sent: Fri 12/17/2004 12:45 PM
To: SERIALST@LIST.UVM.EDU
Cc:
Subject: Re: [SERIALST] Scam alert: Watch out for phone calls from "Mrs. Larson"/American Directory Listing

Cindy,

I also can't imagine what scam artist would try to bilk an institution by threatening a lawsuit as the opening line of a conversation! My first reaction would be to ask "Mrs. Larson" to send (fax) me a copy of the fax in question so that I could check what it was about before proceeding to take any action about it. I would think that if she were unable to send a fax of the fax that that would end the conversation right there. The other tack (which might also stop things dead in the water) would be to ask what the fax was about because if it was an order or regarding an invoice, then I would have the original copy of the fax which was allegedly sent and therefore could address its contents.

As scams go, it sounds like these folks have some things to learn -- I mean, if they want to trump up a non-paid invoice or phony order, then the business office would be the place to go to to resolve that (if not the acquisitions department itself). Furthermore, in any kind of legal action, THEIR legal counsel talks to YOUR legal counsel and if things have gone that far, their lawyer already knows who your lawyer is.

Maybe we should send Mrs. Larson a list of other known scam-agents so that she could get some mentoring!!

Peter Picerno

Dr. Peter V. Picerno
Scarborough-Phillips Library
St. Edward's University
3001 South Congress Ave
Austin TX 78704-6489
512.464.8825
fax 512.448.8737

Please note that my new e-mail address is: petervp@admin.stedwards.edu

-----Original Message-----
From: SERIALST: Serials in Libraries Discussion Forum [mailto:SERIALST@LIST.UVM.EDU] On Behalf Of Lafferty, Cindy
Sent: Friday, December 17, 2004 11:15 AM
To: SERIALST@LIST.UVM.EDU
Subject: Re: [SERIALST] Scam alert: Watch out for phone calls from "Mrs. Larson"/American Directory Listing

Rick,

Thanks for warning us about this scam. Could you clarify exactly what these people are trying to accomplish? I'm aware of the scam involving callers asking for the model of your copier/printer/fax so they can send you toner with inflated prices in the hope that you will pay it assuming that someone else ordered it, but I'm not sure how these people plan on making money off of haranguing people.

Cindy

-----Original Message-----
From: SERIALST: Serials in Libraries Discussion Forum [mailto:SERIALST@LIST.UVM.EDU] On Behalf Of Rick Anderson
Sent: Friday, December 17, 2004 10:44 AM
To: SERIALST@LIST.UVM.EDU
Subject: [SERIALST] Scam alert: Watch out for phone calls from "Mrs. Larson"/American Directory Listing

Hi, everyone --

I just got off the phone with someone who identified herself only as "Mrs. Larson", and said she was calling because of a fax I had sent to a directory publisher. (She said the name of the publisher very quickly, and I didn't catch it.) She said that she wanted to speak with our attorney. I offered to give her the name and number of the appropriate office, but first I wanted to ask her a few questions of my own.

I asked for her full name, which she refused to give me. I asked for the name of the company she works for. She said her "office" was called Pentium Capital. I asked whether it was a law firm, and she said yes. When I asked for her phone number, she gave me (514) 693-5171.
When I tried to ask another couple of questions, she got very indignant and asked if I was refusing to give her the name of our attorney. I said no, but that I wanted to know a little bit more about what was going on. She told me she'd see me in court and hung up.

I looked up "Pentium Capital" on Google and found an Asian financial company or two, but nothing else. Since she had given me a phone number, I decided to call it and see what happened. The call was answered by an automated attendant that said "Welcome to our corporate offices." When I dialed zero I got a live person who said the same thing, so I asked what company had its offices there. She said that several companies did, and when I asked her to list them she did so quickly and nervously; one of them was American Directory Listing. When I asked her to repeat the list more slowly so that I could write them down, she got very uneasy and said she was just a receptionist; then she said she was just an answering service. When I said "That's okay, all I need is the names of the companies," she told me to hold. Then she transferred me to another phone line, which was answered by none other than "Mrs. Larson."

When I asked "Mrs. Larson" the names of the companies she represented, she got very huffy indeed and asked me who I thought I was. I told her I thought I was the person she had called and threatened with legal action just ten minutes earlier. Strangely, she didn't seem to remember me, but she got very angry and started yelling, and told me never to call that number again.

The reason I'm telling you all this story in such detail is that ADL is a company we've all had dealings with before, and I know of at least one other librarian who has gotten a call from "Mrs. Larson" recently, so we (and our staffs) all need to be on the alert. She is very aggressive and probably capable of bringing someone on your staff to tears if she gets the right person on the phone.
(I'm fairly experienced in dealing with these people, and even I was a bit shaken after our initial conversation. The second conversation was so off-the-wall that it was actually quite comforting -- there was no longer any doubt in my mind that I was dealing with a scam artist.)

Be strong and wary...

----
Rick Anderson
Dir. of Resource Acquisition
University of Nevada, Reno Libraries
(775) 784-6500 x273
rickand@unr.edu