February 04, 2016

Faculty, staff reminded to be alert for suspicious calls, emails

Faculty and staff are reminded to be alert for suspicious telephone calls and phishing attempts. 

During the week of Jan. 25, the Office of Information Technology began to receive complaints from employees in several departments about an email with the subject: “Southern Illinois University paperless W2 Program.” You should know this program doesn’t exist and the email is not legitimate. Do not click on the link in the email. 

Staff also reported receiving suspicious phone calls. The callers identified themselves by name and claimed to be with the university’s human resources office. 

Callers began conversations by providing correct and familiar information, then asked add-on questions about people in the department. When questioned about their inability to access the information by computer, the callers explained that they were working from paper copies while their computers were down, and did not have access to virtual records. Fortunately, the targeted people quickly recognized this as a devious attempt to cull information known as “phishing,” using apps that make “caller ID spoofing easy. 

Phishing is merely an attempt by someone using the telephone or Internet to get information from you. Reputable businesses and organizations, including SIU Carbondale, will never call or email you and ask for secure, personal information including your birth date; credit card, identification, or Social Security number; username, password, or pin code; or financial account information. 

If someone requests this type of information by phone, capture the phone number and end the call. If it is by email, retain the email but do not open any links in the email. Report the call or email the Department of Public Safety. 

How does this happen? Caller ID spoofing services and apps now make it easy for a deceptive caller to mask the phone number and replace it with another number or caller ID. For example, you might believe a call originates at the local courthouse, but it is a scammer using that identity to coax you into sharing information. An important reminder is to be wary when questions begin. 

Neither phishing nor spoofing is considered illegal unless done with the intention to defraud, cause harm, or wrongfully obtain anything of value. In this most recent incident, it’s not known what the callers’ intentions were, but the safest option is assume the intent is malicious. Always be wary of unknown callers. 

Email scams should be reported to scam@siu.edu. Specific advice on averting phishing scams is available here

Anyone who is encountering a problem with caller ID spoofing or email scams is also encouraged to contact the IT security team at security@siu.edu and the Department of Public Safety at 453-3771.