Alerts Phishing

PHISHING ALERT: Tech Support Scams (Vishing)

The Office of Information Security has observed a recent uptick in ‘tech support scams’ that attempt to trick unsuspecting victims into calling a fake customer-support number to discuss alleged problems with their devices or services.

How do customer service scams work?

These scams often closely mimic actual support pages and contact information to fool unsuspecting victims into providing personal information or cash (typically in the form of a gift card purchase) by impersonating support services. Many of these scams employ a tactic known as “vishing” or “voice phishing” that occur when similar tactics used for email phishing scams are applied to voice platforms, often in the form of unsolicited phone calls. Some of these call scammers have the capacity of “spoofing” phone numbers (much in the same way that phishers spoof email addresses), so the calls appear to be coming from legitimate sources.

How can you avoid falling victim to customer service scams?

The best thing you can do to avoid becoming a victim of this type of scam is to treat any unsolicited contact from a company or customer service organization with the highest degree of skepticism. If you ever receive a message from an organization asking you to call back at a specific number, you should find another way to obtain contact information for that company that you can be certain is legitimate. For example, if you received a vishing or phishing message asking you to contact your bank at a specific number, you should not immediately trust the contact information contained in the message. Instead, use the number on the back of your bank card to reach your bank and inquire about the legitimacy of the original request.

The same is true if the request appears to come from an established company like Apple or Microsoft. Recipients of these requests should never reach out to those companies using the information provided in an alleged correspondence from them. Instead, recipients of these sorts of messages should find the official contact information for those companies through their official channels, then use that information to contact the company.

Additional Resources

Connect with the Office of Information Security

If you receive an e-mail such as this or any other suspected phishing attempt, please do not click on any links or download any files from the e-mail. Simply forward the e-mail to phishing@wustl.edu and delete the e-mail from your inbox.

If you have additional questions or concerns, please reach out to us at the Office of Information Security at infosec@wustl.edu. We appreciate all that you do to keep our university secure.