VUMC Enterprise Cybersecurity (VEC) is issuing a warning to VUMC employees to be alert for phone scams targeting VUMC employees at either their work or personal phone numbers. This type of cybercrime is where a scammer uses a phone call to the targeted person (or an email or text message with contact phone number for the employee to call), posing as a representative of an external business, government, and/or law enforcement organization. The scammers that perpetrate these scams may come across over the phone as very professional and may have personal data about the employee.
Please note: phone numbers and Caller ID data can easily be faked or “spoofed” to appear as whatever a scammer wants to it show and is therefore not trustworthy.
The following are a few potential scenarios that could be encountered:
- The scammer poses as the Davidson County Sheriff’s Department, claims the employee has missed a court date and must pay a fine or face legal penalty (jail time, e.g.). They then request for the employee to immediately pay this “fine” via Bitcoin or via a bank wire transfer.
- The scammer poses as AT&T Internet Services, claims the employee has a virus on their computer and that their AT&T Internet connection will be disabled unless they work with the scammer to install some “security software” and clean up the computer.
- The scammer poses as the Tennessee Department of Motor Vehicles, claims the employee’s drivers license has been suspended at the request of the Federal Bureau of Investigation (FBI) due to fraud that the employee is accused of committing, and transfers the employee to another scammer posing as the FBI agent involved with the case. They then request to employee to immediately pay criminal penalties via a bank wire transfer.
Recommendations on how to respond for any of these and similar cases…
- After hearing the initial “lure” (or the story that the scammer gives as to why they are calling), immediately stop the scammer and ask them to confirm their name, the organization they work for, email address and phone number.
- DO NOT trust any contact information the scammer provides.
- DO NOT provide any personal information to the scammer.
- DO NOT provide any monetary payment.
- Tell them that you will be hanging up and *directly* contacting the organization they claim to represent to confirm the story (at this point, scammers will often “give up” and abruptly hang up the call…). Terminate the phone call at this time, if the scammer has not done so already.
- Determine the actual contact information for the organization in question via a Google search or other trustworthy means and call that organization to determine if what the scammer claims is in fact correct. Most likely, the organization will confirm that the claim is false and will have no record of an employee working for them with the name given by the scammer.
- Contact the local Police Department to open a police report about the scam and contact the Federal Trade Commission (FTC) to report it as well (see below).
- The FTC is an excellent resource in responding to scams of this nature: https://consumer.ftc.gov/articles/what-do-if-you-were-scammed