I am always warning people about cyber scams, whether through phishing (emails), smishing (text messages) or vishing (voice). I am what some might call a cybervangelist.
Last week, I received a call that looked like it came from Louisville Gas & Electric (LG&E), my local utility company. The number that showed up on my caller ID was, in fact, the number for LG&E. So immediately, it seemed legit.
When I answered, I heard a recording saying that my power was due to be disconnected within the hour and to “press 1 to talk to someone to make a payment or press 2 to continue with the disconnection”. Clearly, I didn’t want my power disconnected, especially since the temperatures are in the teens. So I pressed 1. A man came on the line and asked how he could help me. I told him I received this call, which told me my power would be disconnected. He said that I needed to pay my past-due amount immediately. I told him that I had autopay set up to pay this bill and that I would log in to check my account and would pay online if, in fact, I owed anything. He said I couldn’t do that because it would take 1-2 days to clear my bank and would not keep them from shutting off my power.
However, this lovely man was here to help. He said either I could go to my bank account online and pay via Zelle or I could go into my local LG&E office to pay in person. In the meantime, unbeknownst to him, I had logged into my account to see my bill. I told him that since HE called ME, I wanted to protect myself and confirm he was indeed calling from LG&E. He said, “Of course, I understand.” So, I asked him to tell me my LG&E account number to confirm it was legit. The line then went dead.
I immediately called LG&E directly (at the same number that was spoofed, because that is the number they list on their website and on the bills) and advised what happened. They did confirm it was a scam and took down all the information I conveyed about the call I had received. I was told that this was a scam they had been seeing and that the script was always the same. I advised that the spoofed number adds a sense of legitimacy and that the cyber security team should be alerted. I was advised to notify the local police department and file a complaint online with the FBI Internet Crime Complaint Center (IC3) (https://www.ic3.gov/).
It is important to notify law enforcement in addition to the organization that is spoofed so that trends can be watched and others can be alerted to be aware of these scams.
Coincidentally, as I was writing this article for this week’s newsletter, I received the same call again four days later. (It sounded like it was the same man as before.) He told me that the crew was en route to my house “even as we speak” to turn off my power. To see what he would say, I asked him to please tell me where the nearest LG&E office is so I could pay in person. It was at this point that he hung up again. Next time I will ask if I can pay with bitcoin.
By the way, my power was still on when I got home. I guess their crew got lost.
At Commonwealth Sentinel, we can evaluate your existing IT security and work with your team to improve it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.