Email isn’t the only place where criminals go phishing for sensitive information. According to the MGH Office of Privacy and Security, criminals also use the telephone (phone phishing). All staff have the potential to be targeted and need to be alert.
What is phone phishing?
In phone phishing, callers pretend to be a trustworthy source (e.g., Partners IS Service Desk, HR, a bank, etc.) to try to trick you into giving away sensitive information over the phone, such as usernames, passwords, financial and personal information, answers to security questions, etc. If you get phished, you may become a victim of identity theft, attackers could gain access to devices and the hospital’s network, and confidential information can be exposed.
How can I protect myself?
- Never respond to requests for personal/financial information over the phone.
- Always be suspicious of a caller asking you for access or asking you to enter anything into your internet browser.
- Remember the Partners IS Service Desk will not randomly call you unless you’ve opened a ticket with an issue.
What do I do if I receive a phone call that sounds like a phish?
Don’t stall, report the call. If you are suspicious or don’t know a caller or number, ask the caller for their name and callback number, hang up, and report the call (the caller’s number, the caller’s name and the caller’s story) to firstname.lastname@example.org or to the IS Service Desk as a phone phish.
Questions? Contact the Privacy Office:
This article was originally published in the 05/12/17 Hotline issue.