Article Read Time
I am always warning people about cyber scams. I am what some might call a cybervangelist. Whether through phishing (emails), smishing (text messages), or vishing (voice).
Last week, someone tried one of those cyber scams on me. I received a call that appeared to be from Louisville Gas & Electric (LG&E), my local utility company. The number that showed up on my caller ID was, in fact, the number for LG&E. So, it seemed legit immediately.
When I answered, I heard a recording saying that my power was due to be disconnected within the hour and to “press 1 to talk to someone to make a payment or press 2 to continue with the disconnection”. Clearly, I didn’t want my power disconnected, especially since the temperatures are in the teens. So I pressed 1. A man came on the line and asked how he could help me. I told him I had received a call stating that my power would be disconnected. He said that I needed to pay my past-due amount immediately. I told him that I had autopay set up to pay this bill and that I would log in to check my account and would pay online if, in fact, I owed anything. He said I couldn’t do that because it would take 1-2 days to clear my bank, and it would not keep them from shutting off my power.
However, this lovely man was here to help. He said I could either pay online through my bank account using Zelle or visit my local LG&E office to pay in person. In the meantime, unbeknownst to him, I had logged into my account to see my bill. I told him that since HE called ME, I wanted to protect myself and confirm he was indeed calling from LG&E. He said, “Of course, I understand.” So, I asked him to tell me my LG&E account number to confirm it was legit. The line then went dead.
I immediately called LG&E directly (using the same number spoofed, as it is listed on their website and on the bills) and reported what had happened. They confirmed it was a scam and removed all the information I had provided about the call I received. I was told that this was a scam they had been seeing and that the script was always the same. I advised that the spoofed number adds a sense of legitimacy and that the cyber security team should be alerted. I was recommended to notify the local police department and file a complaint online with the FBI Internet Crime Complaint Center (IC3) (https://www.ic3.gov/).
It is essential to notify both law enforcement and the organization that has been spoofed, so that trends can be monitored and others can be alerted to be aware of these cyber scams.
Coincidentally, as I was writing this article for this week’s newsletter, I received the same call again four days later. (It sounded like it was the same man as before.) He told me that the crew was en route to my house “even as we speak” to turn off my power. To see what he would say, I asked him to please tell me where the nearest LG&E office is so I could pay in person. It was at this point that he hung up again. Next time I will ask if I can pay with bitcoin.
By the way, my power was still on when I got home. I guess their crew got lost. Score Sheri:1 Cyber Scams:0
At Commonwealth Sentinel, we can assess your existing IT security and collaborate with your team to enhance it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things.