Every year, thousands of people lose money to telephone scams and Cal Poly employees are prime targets for these phone phishers. Although phishing is commonly done by email, phone phishing is another tool used to obtain your personal and Cal Poly information. The caller may claim to work for a company you trust like Microsoft or even claim to be from the Cal Poly service desk. They may send mail or place ads to convince you to call them. The caller might offer to help solve your computer problems or sell you a software license and request your credit card information to bill you for the phony service call. They may also attempt to get your Cal Poly username and password, or ask you to make configuration changes to your computer which allows them access to install malicious software and capture sensitive data from you.
Cal Poly will never ask for your password via email, phone or a non-calpoly.edu web form. All password changes are handled through the Cal Poly Portal. You should also expect Cal Poly affiliated vendors to work with your IT support rather than contacting you directly.
What you need to know
Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
Once the caller has gained your trust, they might ask for your user name and password or ask you to go to a legitimate website to install software that will let them access your computer to fix it. Once they have your information, your computer and your personal information are vulnerable.
Do not trust trust unsolicited calls, especially those requesting you to provide personal information.
Phishing calls received by Cal Poly employees
Recent phone scam calls received by Cal Poly employees had the following characteristics:
- Caller claimed to be from Microsoft Tech Support or Microsoft Health Services
- Caller claimed to be from Windows Helpdesk
- Phone numbered displayed on Cal Poly phone was "0000000000"
- Call may appear to have come from a foreign country
- Caller greeted the intended victim by name
What to do if you receive a phishing phone call?
- If you receive a phone scam call, do not provide any information or follow directions provided by the caller. Simply hang up.
- Notify firstname.lastname@example.org and (if possible) include the incoming number, the campus extension receiving the call, and the date and time so we can take appropriate action.
If the caller claims to be contacting you regarding a service request for a computer you aren't aware of, take their information and follow up with ITS Service Desk or the IT contact in your area.