Be Aware: Rise in Phone Scams Mimicking IT Support

In recent weeks, higher education institutions including Harvard and University of Pennsylvania have experienced an uptick in cybercriminals posing as campus IT staff to trick students, faculty, and staff into giving up credentials or installing malicious software. 

Stanford has not reported incidents of this nature yet, but it’s important to remember social engineering remains one of the most effective tools used by attackers. 

Anatomy of an imposter call

Social engineering is effective because it exploits human trust rather than technical vulnerabilities. These scammers often:

• Mimic legitimacy: They may use the names of actual Stanford IT staff.

• Reference campus tools: Callers might mention specific systems like Duo, Zoom, or Axess to create a sense of urgency.

• Create false urgency: Threatening account suspension or security breaches to pressure you into acting quickly.

The ultimate goal is typically to gain remote access to your device, steal SUNet IDs and passwords, or bypass two-step authentication.

How to verify Stanford IT support

Stanford’s distributed IT environment means support can come from various departments. However, a genuine Stanford IT staff member will always support your efforts to verify their identity by:

• Identifying themselves clearly with their full name and specific school or unit.

• Using official channels and communicating via an @stanford.edu email address that can be found in StanfordWho.

• Using Stanford Services & Support: They can provide a ticket number or reference an existing request visible in your ServiceNow portal.

• Welcoming verification: If you feel uncomfortable, a legitimate staff member will encourage you to hang up and call back to the University IT Service Desk at 650-725-4357 (5-HELP), or your local IT team’s published number.

Red flags: trust, but verify

To protect your data and the university as a whole, please remember Stanford IT staff are unlikely to:

• Ask for your password or Duo passcode over the phone, email, or Slack.

• Request a Duo “Push” approval during a session they initiated.

• Pressure you to take immediate action under threat of account deactivation.

What you can do

Building a culture of verification is our best defense against social engineering. If you receive a suspicious request:

• Pause: Scammers rely on speed. Take a moment to assess the request.

• Verify: Ask to call them back at a known phone number. Use a known channel such as Slack, the University IT Service Desk (5-HELP), or a direct email to a known colleague to confirm the person’s identity.

• Report: If you suspect you have been targeted, report the incident to the Information Security Office (ISO) or your local IT support lead immediately.

By slowing down and verifying, you play a critical role in safeguarding Stanford’s research, data, and community. One team, one fight!