TEMPE, Ariz. — The University of Advancing Technology in Tempe is warning the public about a phishing scam that almost fooled its accounting department.
“It’s rare that I get surprised by one, but this one was a little sneakier," said Jason Pistillo, President and CEO of UAT. “We received an invoice from a partner, a vendor.”
The university's accounting department received an email from a vendor they work with regularly. The email contained a six-figure invoice.
The accounting department called the vendor and confirmed it came from an actual employee of the company, so they responded to the email and asked for the vendor's banking information so they could send the payment.
But a hacker intercepted their response.
“This was something new, so I think certainly people would fall for it for sure," Pistillo said.
The hacker then responded with their banking information instead.
The hacker's response raised a red flag because the accounting department didn't recognize the bank.
They were one click away from sending a six-figure payment to a scammer.
“I’ll say that certainly, the phishing attempts have gotten a lot heavier since everybody went to work from home," Pistillo said.
Pistillo says that is in part because many of us are now using our personal computers and at-home WiFi, which is typically less protected.
“The reason is most people I know at home are lazy about doing their updates, they’re lazy about their security, they don’t even have a password on their computer and generally speaking, that’s fine," Pistillo said.
Pistillo said there are several things you can do to ensure you don't become the victim of a scam.
If you are buying something online, try to use PayPal or a credit card in case you are dealing with a fraudulent vendor.
Although more transactions are moving to email, be suspicious of anyone sending you a link asking for account information.
Use tools like video chat to verify who you are talking to first.
If you get any texts, emails or calls about checks from the government, do not respond. The IRS will not contact you that way.
“We’re talking about the physical coronavirus infection but the technical infections are rampant right now," Pistillo said.