Have you received an e-mail from our Provost, President, or even one of your colleagues asking you to buy them some gift cards? This is a fairly common e-mail scam that uses executive impersonation or ‘CEO Fraud’ to give credibility to the attackers’ claims.
These attacks usually begin with an e-mail sent from a fraudulent external e-mail address, such as firstname.lastname@example.org or email@example.com, impersonating one of our executives or a colleague. Alternatively, the attack can use a valid internal e-mail account that was earlier compromised through phishing or malware. The attacker sends the initial request through e-mail, asking some form of “Are you available?”, “Do you have a minute?”, or “Can you do something for me?” Any response from you is then met with a story of the executive being in a meeting or otherwise unavailable to perform some important task that they would now like you to handle. This task can include transferring large sums of money, cashing a check on behalf of the executive, or buying gift cards on behalf of the executive.
Many times, attackers have taken the time to gain knowledge of the institution’s organizational structure and use that knowledge to their advantage. The ultimate goal of all of these scams is to defraud you or the institution of money. Most of the time the money given to the attacker is not retrievable.
We rely on the education of our end users to help us prevent these types of attacks. You should be vigilant not to click on links or open attachments from unknown or unexpected senders. If you think it is odd that the Provost or President would contact you personally for such a request, then that entire interaction should be suspect. Contact their office by phone or departmental e-mail if the request involves money or confidential information. If you need help in determining whether the request is legitimate, ask the firstname.lastname@example.org address or the HSC Helpdesk (email@example.com). If you’ve fallen victim to one of these scams, you can also report it to either of these contact addresses.