CaTS | Information Technology

Quarterly Security Update: Call Spoofing

Quarterly Security Update: Call Spoofing

Welcome to the Winter 2020 edition of the Quarterly Security Reminders email, brought to you by Wright State's Chief Information Security Officer. This quarter's newsletter will provide you with information about a form of social engineering called call spoofing; hopefully you will find it somewhat interesting!

In the past year or so I have noticed an increase in the number of phone calls that appear to be from a location in or around our area—numbers beginning with area codes like 937, 614, 513, etc. The majority of these calls are not truly coming from our area. Callers now have the ability to spoof an area code in the hopes that individuals will be more likely to answer a call that appears to be from their location. In addition, they can also spoof a prefix with an area code, such as 614-775-xxxx. At a quick glance it may appear to be a call from Wright State.

Most of these calls are just vendors trying to get your attention; others seem to be malicious in nature, coming from individuals who hope to gain personal information or make an offer that sounds too good to be true. This is social engineering and we all need to be careful in how we respond to such calls.

Unless you know for certain who you are talking to, take care in giving out information about Wright State or yourself, such as home addresses, birthdates, where you bank, etc. Seemingly innocent information can be gathered over time to build a profile about you. This can later be used in a more sophisticated social engineering attack to gain access to bank accounts or your Wright State account. They may try to guess your security questions that are used to reset your passwords, or call a help desk pretending to be you. If they have enough information it may be possible to trick the help desk personnel.

Personally, I have adopted the practice of not answering calls from telephone numbers I don't recognize. I do this not only on my personal cell phone, but also with calls coming in to my Wright State business phone, and just let them go to voicemail. I have also found that callers spoofing area codes do not leave voicemails, whereas legitimate callers will oftentimes leave voicemails if they are reminding you about appointments, due dates, etc.

More information and helpful tips to avoid this type of social engineering can be found on McAfee's website: