Understanding Vishing and Smishing

What is Vishing?

Vishing (voice phishing) is when a scammer calls you on the phone and pretends to be someone you trust, such as a tech support agent, a bank representative, or even a government official, in an attempt to manipulate you into revealing confidential information or credentials. These attacks often use “support-style” scripts and high-pressure tactics to appear legitimate.

What is Smishing?

Smishing (SMS Phishing) is a scam that happens through text messages instead of emails. Scammers typically pose as supervisors, colleagues, or trusted organizations to request favors or prompt users to click on malicious links.

Red Flags and Scammer Tactics

  • Artificial Urgency (The “Fake” Emergency): They try to make you panic so you act quickly without thinking. They might say, “Your account will be deleted in 10 minutes!” to rush you into making a mistake.
  • Credential Requests (Asking for “The Keys”): Unsolicited requests for passwords, Multi-Factor Authentication (MFA) codes, or Social Security numbers. This is a major red flag. A legitimate organization will never call or text you out of the blue to ask for your password, Social Security number, or login codes.
  • Caller ID Spoofing (Hiding behind a local number): Altering the caller ID to display a trusted name or local extension. Scammers can “mask” their real phone number so your caller ID displays a familiar name or an Easton (610) area code. Just because it looks like a campus extension doesn’t mean it’s actually someone from the College.
  • MFA Manipulation (The DUO Push Trap): Requests to approve “push” notifications or read one-time codes over the phone. If someone calls you and asks you to “approve the notification on your screen” or read back a code sent to your phone, hang up. They are trying to use your phone to break into your account.

Required Action Protocol

If you receive a suspicious CALL or TEXT:

  • DO NOT respond (even to say “stop”): If you reply to a scam text, even to tell them to leave you alone, you are confirming that your phone number is active and monitored. This will lead to more spam calls and texts in the future.
  • Block sender: Use your phone’s built-in settings to block the caller. This stops that specific scammer from reaching you again.
  • Report as spam: Most smartphones have a “Report Junk” or “Report Spam” option right inside the message app. Using this helps your phone provider identify and block these scammers for everyone else, too.
  • Hang Up: If a call feels suspicious or “pushy,” end the conversation immediately. You are under no obligation to stay on the line.
  • Verify Independently: Contact the purported department using an official number. For instance, if a caller claims to be from the Lafayette Financial Aid office or the IT Help Desk, hang up and call that office back using the official number found on the directory.lafayette.edu website.

Incident Reporting

If you believe you have accidentally shared information or interacted with a scammer, contact the Help Desk immediately.

  • Email: help@lafayette.edu
  • Phone: (610) 330-5501
