Security officials are warning Capitol Hill employees to be alert for telephone scams targeting congressional offices, a reminder that Internet-calling technology makes phone calls as big a threat to Congress as cyberattacks. On Monday, the Office of the Senate Sergeant-at-Arms sent out a notice about illegal phone phishing incidents, involving callers trying to elicit sensitive information about the Senate network, including IP addresses, files present on Senate computers and how to obtain remote access. "IT Security has received reports about recent telephone phishing attempts. Senate users have reported phone calls from individuals claiming to be some type of technical professional and requesting information or action," stated the SAA notice obtained by CQ Roll Call. In one example, a Senate staff member reported being called and asked to take action to resolve a “spyware issue.”
Most calls have been from people identifying themselves as being from either a major vendor’s technical team or the Senate Help Desk, according to the SAA. Some of the callers are being forwarded first by someone else within the agency, enabling the scammers to mask their phone number and thwart caller ID. In response to the fraudulent calls, the SAA is warning congressional staff to never give out personal information during a phone call they did not initiate, and never to give out personal information over email.
On the other side of the Capitol, officials declined to comment directly on whether similar cases of phone phishing have been reported. But a House Administration Committee source said the House keeps offices informed of any potential phishing attempts and consistently reminds them to be on guard for potential cases of fraud. If any House office suspects fraud, according to the source, they are encouraged to report it to the House Information Security office.
During the past two weeks, House Inspector General Theresa M. Grafenstine has twice alerted members and staff to potential phone scams.
In a Jan. 29 memo obtained by CQ Roll Call, Grafenstine reminded House offices to be cautious of solicitations from toner, subscription and yellow page vendors as they set up business for the 114th Congress.
"Although House offices are targeted by scammers throughout the year, scammers target offices more frequently during a Congressional transition and at the start of a new Congress when new Members are establishing their office. It is an unfortunate reality that some vendors will attempt to take advantage of individuals who may be unaware of the existence of these scams," the memo stated, along with details on fraudulent sales calls and emails.
The IG also sent a Feb. 6 memo advising the House community of pervasive IRS phone scams targeting House offices. The scammers, Grafenstine said, often demand money to pay off tax debts, threaten with legal action for taxes due on prior year tax filings, and try to defraud you by saying you are owed a tax refund to lure you into giving them banking or other private financial information. She warned that the callers may sound very convincing, using fake IRS employee ID numbers.
Grafenstine warned, like the SAA's office, that these spammers also have technology to "spoof" caller ID.
Related: New House Cybersecurity Policies Show Ongoing Threat The 114th: CQ Roll Call's Guide to the New Congress Get breaking news alerts and more from Roll Call in your inbox or on your iPhone.