It almost reads like a comedy with a phishing story included. But it’s not, it is, or was, reality.
A client of mine has been registered with a free teleconferencing company that has a web based control panel which we’d been using for teleseminars. Late last year she got an email saying that she needed to renew her registration and they’d changed their number. She sent it to me and I said, ok, we’ll need to update the web promotion – which we did for this year.
We logged in yesterday after dialling in to pre-test the system for Thursday’s event (which is what we always do), and started to run into problems. She was never asked for her pin code to be the moderator of the call, therefore the recording mode was not operable. I could log into the website but was unable to access the web control interface which helps us to track the number of callers on the line, to mute out those who aren’t speaking, and so on. Something was definitely wrong.
I tried to fill out their contact form but it wanted a list of code numbers relating to the call – I only had two of them and they needed four. I’d not needed that many before. My client gave me an email address she had for the head guy so I emailed him outlining our problems and I got a quick response of apology advising we’d been given the wrong phone number for a recording account and he would organise that straight away.
A new number and code number was given to us and we realised we’d need to notify all the attendees for the conference coming up so I prepared an email to go out, but didn’t send it till my client had approved it. We kept missing each other yesterday and finally caught up with each other this morning prior to the call. Something was still amiss and so I tried again and sent an email. I wanted to know why we no longer had web access and the reply was they’d never had it but that their service didn’t need it. That’s when the penny dropped. It was a different teleconferencing company.
It seems what happened last year was that a teleconference company my client had made contact with, and registered with, about 12 months previous sent her an email to renew her registration. They have a very similar domain name and use the same colouring on their website. What made it more difficult for us was that the website we had been logging into regularly had changed its look over the Christmas period and things were in different places. So, with the changed website we’d thought nothing of the changed phone number and code number either. I’d not been able to access the web control panel because my client wasn’t dialled into their system but we had no way of knowing that at the time. A series of things led us in the wrong direction entirely.
Now, if we can make this mistake with a genuine company that emailed us and end up in the wrong place, imagine how much more difficult it would have been had we fallen for one of those phishing emails and logged in with important and private information? Thank goodness that wasn’t the case and thank goodness we’d not sent that email out – because another would have had to go as well with yet another number and the original code we’d had in the first place. Egg off our faces, we updated the email that was going out with the correct phone number and code, after we both dialled in, and I accessed the website and we tested the system. It worked! KMT