by OIT Staff
July 25, 2024
Share
The Information Security team has identified an active campaign against members of the PSU community, in which scammers are calling departments across campus and impersonating community members, most likely in an attempt to gain personal information in an effort to access accounts.
The outcome of this unauthorized access can range from an email account being used to phish others, to negative financial impacts on the impersonated user.
How You Can Help
Remind your staff not to provide personal information over the phone. This could include contact information, PSU ID numbers, and Odin usernames.
If identity verification is part of your workflow for assisting people, consider viewing a PSU ID or a government issued ID either in person, or via a Zoom or Google Meet session (where the customer and their ID can be viewed simultaneously, in real time), rather than relying on knowledge based proof of identity, i.e., asking personal questions over the phone. If knowledge based identity verification must be used, require multiple correct answers, and avoid relying on information that is publicly available such as date of birth.
Make sure paper containing personal information is securely stored, and properly disposed of such as via shredder, or secure shred bin, when it is no longer needed.
Report suspicious phone calls to the Information Security team at security@pdx.edu. If possible, please provide the date and time of the call, phone number, and the name of the community member that may be being impersonated.