Fraudsters posing as Odido employees

UU employees victim of mobile phone phishing scam

odido foto DUB

Approximately ten employees of Utrecht University fell victim to a scam involving their work smartphone. Their SIM card was blocked and the scammers used their phone numbers to scam other people.

News
By ,
on 03/12/2025 - 15:01
Read in Dutch

For weeks, UU staff members have been approached by scammers posing as Odido employees. The scammers asked the victims to share a verification code with them and, after they did so, the SIM card in the work phone stopped working. That's because their numbers became e-SIM cards which were then used by the scammers to contact other people to swindle them out of their money.

"According to new legislation, work phones must be verified," the scammers told the UU employees. "We will send you a verification code through a text message and all you need to do is confirm it to us." The code in question was sent by Odido. After sharing the code with the scammers, the victims got another message saying: "Thank you for ordering an e-SIM card." A while later, the SIM card on their phone stopped working.

That's the moment the scammers could get to work. They started using the numbers to make expensive calls at UU's expense and send phishing messages to others, this time pretending to be the tax authorities. The message said that the receiver had to pay a debt quickly to avoid a visit from a bailiff. It also included a link to a site indistinguishable from that of the tax authorities, where one could pay the "debt". 

"It happened to me on Friday afternoon. Shortly afterwards, I got several messages and phone calls via WhatsApp from people who were panicking and wondering why they had to repay a tax debt immediately," says a UU employee. Odido can't block the e-SIM card because all contacts must go through UU. Fraud cases must be reported to the ICT service desk. "Such fraud actions come in waves," says Harry Mulder, from UU Security (Telephony). "It seems that many UU employees are being approached right now. We have received more than ten reports last week."

All victims got a new SIM card from the university. They also get to keep their number. But that doesn't mean that the inconvenience ends there. The employee says he is still getting calls from people who are surprised at the amount they must pay to the tax authorities.

Mulder explains that, in this type of phishing, the scammer "spoofs" a number. This means they can call others using their own phone, but the recipient sees the UU number as the caller. "They usually can keep this up for two weeks. Unfortunately, we cannot stop it."

scherm mobiel
Tags: ict | security

Advertisement