Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

Many scams or attempts to steal personal information start out with phone calls. Your phone rings with a number that seems to be from an organization you know. It might look like it is coming from your bank or credit card company. So, you answer.

But wait—that phone call might not actually be from your financial institution.

Caller ID spoofing happens when hackers imitate the phone numbers and caller ID of legitimate businesses and then use that fake information to try and get your personal information. This kind of spoofing is illegal.

These kinds of attacks are hard to determine in the moment, so you should approach any such unsolicited calls with extreme suspicion. The best course of action is not to answer the call, but let it go to voicemail so you can evaluate the situation at your leisure and without time pressure. Don’t call any phone numbers or visit any websites the message may direct you to; instead, use the published phone number from your financial institution’s website or from the back of your credit or debit card to find out if the call is legitimate.

If the call isn’t legitimate, report the spoofing incident to the Federal Communications Commission and your phone provider.

Federal Communications Commission: https://www.fcc.gov/spoofing.

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.