State agencies are reporting a vishing scam that started this past week targeting Texans. The caller claims to be from the Texas Criminal Courts of Appeals with a spoofed phone number of (512) 463-1551. The caller asks for their personal information like their social security numbers. These calls are very convincing and the attack has been successful many times in the last week.
Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor.
How do you avoid being a victim?
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
As always, report incidents to the HSC Information Security Office at informationsecurity@unthsc.edu or abuse@unthsc.edu.