When A Criminal Calls
Steps to Take Against Phoned-in Threats
See Also: The Global State of Online Digital Trust
The recent “hostage” by phone scam that hit numerous retail stores and several banks in more than four states points to a question for other financial institutions that were not targeted. (See FBI notice: http://www.fbi.gov/pressrel/pressrel07/extortion_threats083007.htm).
What would your institution do in the event a caller phoned in a bomb threat and claimed to be ready to blow up the branch or office if money isn’t wired to an overseas account?
This combination of a physical threat delivered by electronic means with an anonymous caller makes even the most experienced law enforcement officer’s brain work overtime to solve the crime. The first step for your institution is to have an incident response plan already in place, ready to trigger in the wake of such an event.
According to the Federal Bureau of Investigation, which is investigating the recent crimes, analysts are sifting through local police reports to identify similarities in the threats. In general, the FBI recommends that you take seriously the threat of a potential bomb at your institution. These threats may be alarming to the public, and the FBI suggested the following steps be taken when responding to a phone-in bomb threat:
1. Questions to ask the caller:
When is the bomb going to explode?
Where is the bomb located right now?
What does it look like?
What kind of bomb is it?
What will cause it to explode?
Did you place the bomb?
What is your address?
What is your name?
What is your phone number?
2. Document the EXACT wording of the threat and caller’s response.
3. Apparent gender, race, and age of the caller.
4. Characteristics of the caller’s voice (calm, angry, excited, accent, etc.)
5. Background sounds (street noises, static on the line, etc.)
6. Threat Language (well spoken, incoherent, taped, irrational)
7. If caller ID is available, write down the telephone number.
8. If businesses are capable of recording telephone calls, maintain them for police.
Incident response planners for institutions need to review the physical and logical security possibilities and be prepared ahead of time to respond to this and other threats to the institution. Further, if any suspicious emails are received by employees or customers of the institution, these should also be preserved as possible evidence for law enforcement officials.
For more information: www.fbi.gov.