I am what some might call a cybervangelist. I am always warning people about cyber scams. Whether through phishing (emails), smishing (text messages) or vishing (voice).
Last week I received a call that looked like it came from Louisville Gas & Electric (LG&E), my local utility company. The number that showed up on my called ID was in fact the number for LG&E. So immediately it seemed legit.
When I answered, I heard a recording saying that my power was due to be disconnected within the hour and to “press 1 to talk to someone to make a payment or press 2 to continue with the disconnection”. Clearly I didn’t want my power disconnected especially since the temperatures are in the teens. So I pressed 1. A man came on the line and asked how he could help me. I told him I received this call which was telling me my power was going to be disconnected. He said that I needed to pay my past due amount immediately. I told him that I have autopay set up to pay this bill and that I would login to check my account and would pay online if, in fact, I owed anything. He said that I couldn’t do that because it would take 1-2 days to clear my bank and would not keep them from shutting off my power.
However, this nice man was here to help. He said either I could go to my bank account online and pay via Zelle or that I could go into my local LG&E office to pay in person. In the meantime, unbeknownst to him, I had logged into my account to see my bill. I told him that since HE called ME, I wanted to protect myself and just confirm he was indeed calling from LG&E. He said, “Of course, I understand.” So I asked him to tell me my LG&E account number to confirm it was legit. The line then went dead.
I immediately called LG&E directly (at the same number that was spoofed because that is the number they list on their website and on the bills) and advised what happened. They did confirm it was a scam and took down all the information I conveyed about the call I had received. I was told that this is a scam they have been seeing and that the script is always the same. I advised that the spoofed number adds a sense of legitimacy and that the cyber security team should be alerted. I was advised to notify the local police department and I also filed a complaint online with the FBI Internet Crime Complaint Center (IC3) (https://www.ic3.gov/).
It is important to notify law enforcement in addition to the organization which is spoofed so that trends can be watched and others can be alerted to be aware of these scams.
Coincidentally, as I was writing this article for this week’s newsletter, I received the same call again four days later. (It sounded like it was the same man as before.) This time he told me that the crew was en route to my house “even as we speak” to turn off my power. Just to see what he would say, I asked him to please tell me where the nearest LG&E office is located so I could pay in person. It was at this point that he hung up again. Next time I will ask if I can pay with bitcoin.
By the way, my power was still on when I got home. I guess their crew got lost.