chevron-down Created with Sketch Beta.
October 26, 2023 4 minutes to read ∙ 1000 words

Ask Techie: How Do I Know If the Sales Call I Get on the Phone Is Legitimate?

Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.

This month we answer readers’ questions about how to tell if a phone call is really a scam and what is the best cybersecurity checklist for small firms.

Q: How Do I Know If the Sales Call I Get on the Phone Is Legitimate?

A: It can be hard to tell whether a sales call is legitimate or not, but there are some signs that can help you spot a scam.

I bought a car earlier this year that came with a short Sirius XM satellite radio subscription. It has since expired, and every now and then, I get a call from Sirius XM offering a discount subscription package. It makes sense, right? My subscription recently expired, and Sirius XM is probably trying to recapture lost subscriptions for their numbers. But that still isn’t enough to trust the call. Here are some tips to avoid falling for a phone scam:

  • Do not answer calls from unknown numbers. If you do answer, hang up as soon as you realize it is a sales call.
  • Do not trust your caller ID. Scammers can spoof any number they want, even ones that look familiar or local. In other words, the caller ID may read “Bank of America” even if the call isn’t from Bank of America.
  • Do not give out any personal or financial information over the phone, such as your Social Security number, bank account number, credit card number, or passwords. Callers will talk fast, offer some incredible deal, and then tell you they need to secure it with your credit card details. If you refuse, they will pressure you by saying they can’t hold the deal open for you and that it won’t be available if you call the company directly (or something to that effect.)
  • Do not agree to pay anything up front for a product or service. Legitimate salespeople will not ask you to pay with gift cards, wire transfers, or cryptocurrency.
  • Do not press any buttons or follow any instructions from an automated message. This could lead to more unwanted calls or charges on your phone bill.
  • Do some research before you buy anything over the phone. Check the company’s website, customer reviews, and ratings from the Better Business Bureau. You can also search online for the company’s actual phone number or offer to see if it is a scam.
  • Do report any suspicious calls to the Federal Trade Commission (FTC) at, or you can call 1-888-382-1222 (TTY: 1-866-290-4326). You can also register your phone number on the FTC’s National Do Not Call Registry to reduce the number of telemarketing calls you receive.

If you want to sign up for a service or inquire about any special packages, it is best to contact the company directly and ask rather than trust your “luck” with a random call from a stranger.

Techie: Ashley Hallene, JD, GPSolo eReport Editor-in-Chief ([email protected]).

Q: Is There A Cybersecurity Checklist That Is Practical for Our Small Firm?

A: Check out the GCA Cybersecurity Toolkit for Small Business from the Global Cyber Alliance (GCA).

The Global Cyber Alliance is a nonprofit organization dedicated to making the Internet a safer place. The founding members are the Manhattan District Attorney’s Office, the City of London Police, and the Center for Internet Security.

Streamlined for small businesses, the Cybersecurity Toolkit gives practical advice and how-tos you can follow to reduce your risks. You don’t need to be a technological whiz to use the tools. With cybercrime against small firms on the rise, it’s well worth your while to improve your protection.

The Cybersecurity Toolkit offers these advantages:

  • Recommendations are less time-consuming than typical checklists and plans.
  • It covers good, free tools you can use right away.
  • The purpose of each tool is explained in brief, comprehensible language.
  • The toolkit website navigation is well-organized, supporting step-by-step actions.
  • Each tool has an estimate of the time you’ll need to use it, typically 15 minutes.

The tools are collected on a webpage divided into six main topics: (1) Know What You Have, (2) Update Your Defenses, (3) Beyond Simple Passwords, (4) Prevent Phishing and Malware, (5) Backup and Recover, and (6) Protect Your Email and Reputation.

Each of these main topics is expanded into subtopics. For example, the third topic, Beyond Simple Passwords, contains the subtopics Strong Passwords, Tools for 2FA, and Manage Your Passwords.

An example of one of the tools recommended by GCA is Fing, an application that lists an inventory of all the wired and wireless devices connected to your office network. The free version is ad-free with a good subset of comprehensive features. An inventory of your devices is important so that you can keep them all protected with security releases and upgrades.

A missing tool in the Cybersecurity Toolkit is one that lists all the software installed on your computers. Instead, it offers an Excel spreadsheet template that requires you to manually collect the installed software programs and list them in the spreadsheet rows. It estimates the required time at four hours. Forget about that!

Let me suggest a free software inventory program from a trusted source that identifies and lists your software for you. It requires no installation. Run UninstallView from on each of your PCs to get a list of all the installed programs for each computer.

UninstallView is designed to allow quick uninstallation of any application, but it serves very well as an inventory utility. To use it:

  1. Copy three files out of the downloaded Zip file to a folder on the C: drive.
  2. Double-click on UninstallView.exe.
  3. Click on the column heading for Install Location to sort the programs by folder.
  4. Review the programs in the C:\Program Files (x86) and C:\Program Files folders for any that should not be there.
  5. You can uninstall unwanted programs easily, but be sure you know what you are doing so that you don’t break Microsoft Windows!

You can seriously reduce your risks by implementing the recommendations of the Cybersecurity Toolkit for Small Business. You would also be wise to work with a trusted cybersecurity expert who has small-firm experience. Their work can be less involved and less expensive when you already have a good checklist and have many of the basics covered.

Techie: Wells H. Anderson, JD, GPSolo eReport Contributing Technology Editor and CEO of SecureMyFirm, 952/922-1120,—we protect small firms from cyber threats with affordable, multiple layers of defense.

What’s YOUR question?

If you have a technology question, please forward it to Managing Editor Rob Salkin ([email protected]) at your earliest convenience. Our response team selects the questions for response and publication. Our regular response team includes Jeffrey Allen, Wells H. Anderson, Ashley Hallene, Al Harrison, and Matthew Murrell. We publish submitted questions anonymously, just in case you do not want someone else to know you asked the question.

Please send in your questions today!

Download the PDF of this issue

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

Published in GPSolo eReport, Volume 13, Number 3, October 2023. © 2023 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association or the Solo, Small Firm and General Practice Division.