Over 90% of cyber-attacks start with a targeted “spear-phishing” email or a phone call. 

That’s right: While bogus emails remain a favored tactic for scammers, phone calls also can trick people into sharing personal information or permitting access to online accounts.

The University of Iowa Police Department wants community members to be aware of a phone scam that is currently impacting University of Iowa employees. University employees have reported receiving an unsolicited phone call from a person claiming to be an officer with a local law enforcement agency. Read more about this phone scam on the Campus Safety website.

UI security experts have noticed these kinds of attacks becoming more common. Sometimes the motive is money. Other times it’s access to university systems or data. 

Evaluate every single request for personal or work-related information. These steps can help: 

• Be wary of identity claims: Anyone can claim to be a police officer, a colleague, or even a friend. They can fake phone numbers you may know. Stay vigilant, especially when asked for personal info, data, money, etc. 
• Insist on calling back: If a phone caller makes a sensitive request, tell them you’ll need to call them back on their organization’s main line (look it up) or a number listed in a reliable resource like a campus directory. If they say you’re not allowed to hang up, they’re probably conning you. 
• Follow phishing-prevention practices: Phishing emails continue to offer common gateways for bad actors—they can escalate to phone calls or other non-email communications. Follow basic anti-phishing and security practices. 
• Ask for help: Whenever confronted by a potential cyber-scam, contact your local IT support, the ITS Help Desk (its-helpdesk@uiowa.edu or 319-384-4357, or the HCIS Help Desk (helpdesk-hcis@uiowa.edu or 319-356-0001) for guidance.