Work has recently gone with running a project thru an outsourcer (something new for them). Let’s call the outsourcer “Bozo” (not their real name). I heard thru a group call they’d been appointed (nothing in writing but a catchy name for sure). Next thing I get an email from “Bozo” asking to meet with me via Teams late the next evening to discuss best way forward (I ran the PoC personally, so I would be the obvious choice to get info from)
But no one else in the org was invited to the meeting… not the boss who approved it, not the stakeholder, not the SME
They dropped names (perfectly) of people and our equipment in the invite – obviously 100% legit ?
I straight away thought: either this is legit - or it is the mother of all social engineering vishing hacks, the sophistication of which will never be seen again
All I had was an email address form the inviter… bozo.something. But was that legit? Were the real company bozo.net or bozo.biz… they were offshore so bozo.com.country maybe?
I joined the meeting, thinking it was 100% legit, but still gave them no distinguishable company detail. Just instructions, like move it to the datacentre, then decommission it (with every how to step detailed, but not names or IPs). A very constructive meeting, and the gentleman (who was in Belfast of all places (their company was not based there)) was very grateful for my input as he got all he needed
SO IN CONCLUSION: I was invited to the call and had (a little) time to reflect and read the invite as many times as I wanted. Someone in an inbound call centre answers a call with no notice – the caller is hostile, angry, says I’ll have your job if you don’t help me RIGHT NOW… you have a family, you need this job… you are frightened… I feel for that person, I hope Qantas supports them through the trauma they must obviously be suffering
Oh, and if you don’t want humans in call centres making mistakes then stop hiring humans
, Qantas would rightly say 'get stuffed. The next DSC will be on ....'.
