Scammers Pretending to Be IT Support May Show Up at Your Office in Person

A new extortion group called Silent Ransom Group is taking a surprisingly direct approach to infecting computers with ransomware. Instead of just sending emails or hacking remotely, they are calling employees at businesses and pretending to be IT support staff.

If the phone calls do not work, they actually send someone in person to the office who will try to plug an infected USB stick into company computers. Once the malware is installed, the criminals can lock up company files and demand payment to unlock them.

This threat affects anyone who works in an office environment, especially employees who might receive calls from people claiming to be from IT support or who might encounter unexpected visitors. If you work from home and connect to a company network, you could also be a target if scammers call your home phone or personal cell pretending to be from your employer's tech support team.

Small and medium-sized businesses are particularly vulnerable because they may not have dedicated security staff to verify these kinds of requests.

1. Never follow instructions from unexpected phone calls claiming to be from IT support, even if they sound official.
2. If someone calls asking you to install software, download files, or change settings, hang up and call your IT department directly using a number you look up yourself.
3. Never plug unknown USB drives into your work computer, even if someone hands it to you in person claiming to be from IT or a vendor.
4. Report any suspicious calls or in-person visits immediately to your IT department and security team.
5. Verify the identity of any repair person or IT contractor before allowing them access to computers. Call your IT manager to confirm they were actually sent. Create a long-term security mindset at work by remembering that real IT support will never mind if you verify their identity before following instructions. Establish a code word or callback procedure with your actual IT department so you can always confirm legitimate requests. Talk to your coworkers about these threats so everyone knows to be cautious. If you manage a team, create clear policies about who is authorized to handle IT equipment and how to verify visitors. Building a culture where employees feel comfortable saying no to suspicious requests, even from people who seem official, is one of the best defenses against these increasingly bold criminal tactics.