May 11, 2022

Scam calls to the UW community

We’ve received a report that there’s a high volume of scam tax/debt-relief calls to UW phone numbers today. The scammers are using rotating caller ID, which makes it difficult to block the calls. They are likely attempting to entice members of the University community to reveal personal information, such as bank details, credit card numbers, or login credentials, in attacks that are known as “vishing.”

Be aware that scammers use a variety of tactics to make such calls seem authentic, such as making the incoming call appear to be from a local number. Past vishing attempts included scam calls from “UW Physicians” with voice messages to collect payment for office visits. The messages urge the targeted individual to call an 800 number to remit payment.

Students have also been targeted with calls referring to a “claim benefit” the student had been approved for. These calls often appear to be attempts to gather personally identifiable and financial information.

In some cases, vishing campaigns direct victims to fraudulent websites that are crafted to harvest login credentials. Such attacks have been observed specifically targeting UW NetID credentials in the past.

Attackers phish for UW NetID credentials for a number of reasons, including:

  • Access to University systems and services,
  • Access to UW institutional information and resources, and
  • Deployment of malware.

Early in the calendar year, vishing campaigns focus on access to W-2s for fraud and identity theft. Ongoing campaigns beyond tax season generally target business executive accounts for fraud and IT administrator accounts to spread malware.

The top FBI recommendation for protecting accounts is two-factor authentication (2FA), which reduces the risk associated with credential phishing. 2FA also reduces the risk associated with password-guessing attacks, as well as attacks that leverage credentials used across multiple sites.

Things to do