Someone tried to impersonate two faculty members at Texas A&M University-San Antonio last month, according to a university police report filed Sept. 16 in the Central Academic Building.
The incident was reported by Sylvia De La Pena, an analyst with the office of Information Technology Services, after her department received two fraudulent phone calls.
According to the police report, De La Pena reported six previous calls from someone impersonating an employee and trying to gain access to the employee’s work accounts. In the report, De La Pena said the caller knew one of the faculty member’s date of birth and the last four digits of their social security number.
The phone calls came in between Sept. 5 and Sept. 16, but access was not granted to the caller.
The faculty members affected were contacted via email of the attempt and asked to report any suspicious activity regarding their university accounts.
The first person the suspect attempted to impersonate was a professor in the Department of Sociology and Communication, and they said a similar incident occurred on July 8 and July 10. The suspect was successful in changing the faculty member’s password that time.
The professor asked The Mesquite not to use their name.
“I talked to the [ITS] person who actually approved the password change; she sounded a little confused at first as to why I was calling again,” the faculty member said. “So she asked me ‘Out of curiosity, did I just talk to you about this?’ and I said ‘no, this is my first time hearing about it or calling about it.’”
On July 10, ITS contacted the faculty member again and “acknowledged” that the faculty member had changed their password again.
The faculty member said that they were out with family when they received this notification.
“Immediately I had to stop what I was doing and go into a different part of the building and do the same thing,” said the faculty member.
They mentioned that when they called ITS, the fraudulent caller was also on the phone with ITS.
That’s when ITS knew something was fishy.
“I was able to prove that I was who I said I was and they told the other person ‘Can we call you back?’ and then they hung up [with the suspect].”
The faculty member said this was the last time they heard about the password change until Sept. 16, the date in which the third attempt was reported.
The second faculty member targeted works in the Department of Counseling, Health and Kinesiology at the university. They said they were notified by ITS and the University Police Department that someone was trying to change the credentials to their university account.
This faculty member also asked not to be named.
“The university is really vigilant on cyber threats and so as faculty, we’re constantly getting alerts of types of phishing scams or types of trojan horse scams,” said the second faculty member. “So they’ll give an extra heads up like, ‘Look out for this type of request’ or ‘Look out for this type of email.’”
The faculty member stated that whomever was trying to change their credentials had also called ITS to do so. However, ITS wanted to confirm it was this faculty member calling and asked the suspect to provide visual proof. The suspect hung up after this.
The faculty member stated this was the first time an incident like this happened to them.
“I think it’s difficult — we live in a world where cyber security and cyber threats are a very real thing and I’m, personally, just very glad that our university is prepared to handle them and appears to be effective in doing so,” said the faculty member.
Both faculty members are unsure of who the suspect is.
De La Pena declined to comment.