In my work, it is a ‘routine’ for me to receive cold calls from some companies.  The callers either tried to promote their companies or services, did a survey or wanted to send a ‘free’ white paper. Companies could easily find out about my DID number because my number (and so are all my colleagues in the company) is published on the Internet.

Such calls are really annoying.  Firstly, unlike junk SMS or junk emails/mails, you cannot simply ignore incoming calls.  Even though the calls are from the numbers you don’t know, you don’t know what’s the call about until you pick up the call and listen to what the caller says. It can be disruptive, especially when you are in the middle of work that requires concentration.

I always asked the caller to email me the information and then end the call.  I don’t mind to give them my email address, I could simply read those materials anytime or quickly delete them if I don’t find it useful. If I find the materials or services are relevant to me, I would call or email the company for more information.

However, most of callers did not want to stop at email address.  They continued asking questions regarding the IT in my company.  The main issue with such calls is I have no way to verify the caller.  I am acutely aware about social engineering. The caller may be claiming from one company, but what he wanted is to gain insight on my IT infrastructure; such insight may be useful for them to penetrate the IT system.

It does not help that I noticed number of such calls surged after I changed portfolio from Application to Infrastructure.  Every day, without fail, I received at least one such cold call.

I prefer to be safe than sorry. I usually asked the caller to drop me email for the questions.  If they insisted to continue with questions over the phone, I simply hung up.

But sometimes the callers can be quite daring.  One day I received a call claiming that my CIO (Chief Information Officer) had a meeting with his company and my CIO asked him to call me.  What puzzled me that the company has been a long vendor with us and my ICO and I just met with their management a week earlier.  He asked some questions regarding our infrastructure and he became impatient when I declined to give any information.  He even threatened me that he would let my CIO knows that I was not cooperative.

A few minutes later my colleague across the table received the call and from his replies, I could deduce he received similar calls and I quickly gave me the notes that the call should be terminated. Everybody in the division was alerted and true enough almost everyone received such call.

It did not stop there, one month later I received similar call, this time claiming that my Assistant Managing Director (AMD) was the one who asked him to call me.  Same pattern, same alert ringing across the division.  I joked that at that rate soon the caller would claim that my MD and later chairman asked him to call us.  It did not happen, though.