Search This Blog

Thursday, March 07, 2013

RJ-11 phishing lines

Yesterday we got a new kind of abuse of the contact info on a Form 470.  An unscrupulous service provider called us to find out when they could install the Internet connection.  The idea behind the scam seems to be to confuse a school employee into letting them in to install the circuit before anyone realizes that no one had ordered the circuit.  It's a variant on the old maintenance-proposal-disguised-as-an-invoice scam.

Fortunately for our client, we're the contact on their 470, so we got the call and smelled a rat.  I wonder how many schools will have surprise circuits installed because USAC publishes names and phone numbers on the Form 470.

So now in addition to my call to have the Form 470 include a contact form instead of providing spammers with a list of email addresses, I am now calling for the phone number to be hidden as well.  Up until now, I've just been annoyed at how many service providers call us when our Forms 470 state that we want email contact.  We should have an option to hide our phone and fax numbers.  Now we have a documented case of a scammer taking advantage of a phone number from a 470.  I wonder how many of the spamfaxes we get are the result of our fax number being published every year.

And the drumbeat of phishing emails continues.  Today's email purports to come from the University of Chicago, informing me that "Help desk requires to upgarde your account click here. third party tried to access your account please update for security reasons."  That's a poor phishing email.  First, why would the Univ. of Chicago help desk be contacting me?  Second, I suspect the people working the help desk at such an august university know how to spell "upgrade" and write in complete sentences.

No comments:

Post a Comment