Cybersecurity Corner: Spoof Phone Calls

Dennis Leber portrait
Dennis Leber is UConn Health’s chief information security officer. (Photo provided by Dennis Leber)

Recently UConn Health received notification that a patient’s family was targeted with a scam in the form of spoofed phone calls. The attacker used technology so the caller ID displayed a number originating from UConn Health. Once someone answers, a scripted scam developed through social engineering, attempts to trick the victim into giving over money. Preventing spoofed calls is next to impossible, but we can be prepared for them:

  • Stay aware and trust your gut. If the call seems suspicious, hang up.
  • You may be unable to tell immediately if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information or request for money.
  • Don’t answer calls from unknown numbers. Let the call go to voice mail.
  • If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should hang up. Scammers often use this trick to identify potential targets.
  • Do not respond to any questions, especially those that can be answered with “Yes” or “No.” Scammers record your response and use it to prove you authorized payment or other actions.
  • Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords, or other identifying information in response to unexpected calls or if you are suspicious.
  • If you get an inquiry from someone claiming to represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before getting a phone call from a legitimate source, particularly if the caller asks for payment.
  • Use caution if you are being pressured for information immediately or money.
  • If you have a voice mail account with your phone service, set a password for it. Some voicemail services are preset to allow access if you call in from your phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
  • Talk to your phone company about call blocking tools and check into apps you can download to your mobile device. The FCC allows phone companies to block robocalls based on sound analytics. More information about robocall blocking is available at
  • Review your social media content and remove personal information criminals may use to build a profile on you and data which facilitates victimizing you. e.g. some of these spoofed calls claim to be a family member in the Hospital asking for money.
  • If you provide any personal information before you realize the call is a scam, lock your credit report, bank cards, or other accounts which may become compromised.
Dennis Leber, Chief Information Security Officer