We talked about the Twitter hack/scam last week so we found a new one that hits close to home, even if it was reported in Canada. Scammers claiming they work in hospitals are calling the public asking for personal identification information (PII) including full name, Social Security information, insurance information and date of birth. The caller ID makes it look like it is coming from a hospital because the scammers are spoofing the hospitals’ phone numbers.
Don’t give out PII over the phone! If you get an unsolicited call asking for PHI (protected health information) or PII, take a moment and ask yourself some questions:
- Why would a hospital be calling me? Am I having a test or procedure done?
- Why don’t they have this information already on file if it is legitimate?
Advise the caller that you will call the hospital back on a phone number that can be verified externally, meaning don’t just call them back on a phone number they give you on the call. Look up the phone number of the hospital and dial it directly.
Other phishing scams reported to abuse@uthsc.edu this week:
- Did you get my last mail? – from an email address in Hungary wanting to start a conversation (or pretending to continue a conversation)
- New Audio: Call Received – looks like a voicemail to email coming from “Uthsc.edu Audio System notification what wanted you to open an attachment to hear the voicemail. We at least know that we are UTHSC, all caps, not Uthsc.
- I’ve shared a folder with you – wanting the recipient to click on a link
- REMINDER! – an email supposedly letting the user know their “pass-word” will expire today (sense of urgency). Wanting the user to click an “Update now” link.
Report any suspicious UTHSC communication to abuse@uthsc.edu. We can investigate and let you know if it is a phish or a legitimate email.
Stay safe everyone!