Printer Model/Toner Social Engineering Scam

Jan 14, 2016

University staff members are reporting they have received phone calls from outside entities requesting printer model numbers.  So far this social engineering scam has been specifically for HP products.  The “vendor” will ship toner and printer supplies to any departments that disclose this information.  This will result in a large outstanding invoice, with the vendor demanding payment because they were given verbal consent for the products shipped.  Please be aware of this situation. 

Additionally, follow these best practices to prevent getting caught in a social engineering scam:

  • Be alert and do not rely on identification alone for authentication.  Gather specifics about the person soliciting personal information from you before obliging to their request.  Who are they?  Where do they work?  What is the call regarding?  Politely ask for a call back number and tell them you will get in touch with them at a more convenient time.  This grants you the opportunity to do some investigation beforehand and you can call them back when you are clear of all distractions.   
  • Never share your password!  A legitimate organization will never ask for your password. 
  • Pay attention to the information requested.  If you are asked for details that the organization is already privy to, do not provide the information.  For instance, you should be suspicious if a company is calling you to confirm your credit card number and security code. 
  • Keep your guard up.  Social engineers will use several methods to gain your trust and cooperation.  You should be leery of individuals being overly friendly, aggressive, or insistent as these are common social engineering tactics.  Bottom line, if you do not feel comfortable then you should trust your instincts. 
  • Be aware of your office surroundings.  If you see someone you do not recognize roaming the vicinity then address them.   They could simply be lost or they could be looking for information left carelessly unattended.  Always lock up personal items and confidential information when you leave your area.  Additionally, if you work in a building where ID badges are required to gain entrance then do not allow strangers to follow you in.  This is called ‘tailgating’ and it is a very common approach used by social engineers. 
  • Report suspicious activity.  Inform your direct supervisor or the police if you believe the situation warrants their involvement. 

Thank you for all your assistance in safeguarding the University's information assets and systems!