January 22, 2020
One of the most recent phishing scams hitting institutions is the gift card scam from a fake email address of a Dean, Department Head or Director.
This is the typical progression of this kind of scam:
- The scammer impersonates the unit head with a fake email address.
- Staff within the unit are sent a generic opening email, such as “Are you available?”
- If they get a response, the scammer gives some excuse about why they can’t be contacted by
- The scammer will then make an urgent
- Typically, the request is to purchase iTunes cards or some other gift card.
- If the scammer obtains the numbers on those cards, they can resell them for profit.
This is an example of what is called ‘email spoofing’ in the world of cyber security.
What is Email Spoofing and how does it happen?
Spoofing, or forging a sender’s address, is a form of social engineering, designed to trick the recipient. The recipient is tricked into opening an email attachment, clicking a link or executing a request such as a wire transfer, invoice or other financial request.
Often the “From” address is forged, and the “Reply-to” address is the attacker’s email address. Unfortunately, the innocent victim whose email address has been forged cannot do much to protect themselves, but recipients should be wary of responding to suspicious requests.
How do I identify an email spoof?
Recipients of these emails should be wary of the following techniques:
- Unsolicited email involving an online financial service or wire
- “Soft opening” techniques, such as brief emails asking whether you are in the office today or other seemingly harmless questions.
- Cryptic emails from a VIP stating there is an urgent
- Demanding emails from a customer or vendor asking for a change in banking information or payment.
- Attempts to avoid standard procedures, with statements such as “I don’t have time to send a PO or use ”
- Requests to click links or attachments.
What can I do if I think I’ve received an email spoof?
If you think you have received an email message from a scammer:
- Be careful about replying to the original email with too much information.
- Pay attention to the reply-to address. Is it the same as the “From:” address?
- Call to confirm with the sender. In some cases, the email account may be compromised.
- Hover over suspicious links to reveal the true destination of the link.
- Send the email to spam [at] umanitoba [dot] ca or infosec [at] umanitoba [dot] ca for a second
- Follow procedure: All wire transfers and financial purchases should be confirmed by phone and follow proper procedures. Regardless of the sender, proper procedures should be followed. Don’t be intimidated by a VIP sender.
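The two header checks described above (a forged “From” address paired with a different “Reply-to” address) and the advice to compare a link’s visible text with its true destination can be turned into a simple triage script for a mailbox or a helpdesk queue. The following is an added example written for this article, not a tool from the University of Manitoba; the two messages it inspects are constructed samples, the domains are placeholders, and the institution’s own domain (`example-university.test`) is an assumption. It uses only the Python standard library.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: the institution's own mail domain (placeholder value).
EXPECTED_DOMAIN = "example-university.test"

# Constructed sample: display name claims to be a Dean, the From domain is a
# webmail provider, Reply-To goes somewhere else again, and the link text
# shows a trusted-looking URL while the href points elsewhere.
SAMPLE_MESSAGE = """\
From: "Dr. Jane Example, Dean" <jane.example.dean@example-webmail.test>
Reply-To: <dean.office.urgent@example-reply.test>
To: staff.member@example-university.test
Subject: Are you available?
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Are you available? I need a favour done quickly.</p>
<p>Confirm here: <a href="http://example-bad.test/confirm">https://portal.example-university.test</a></p>
</body></html>
"""

# Constructed sample of an ordinary internal message for comparison.
CLEAN_MESSAGE = """\
From: "Dr. Jane Example, Dean" <jane.example@example-university.test>
To: staff.member@example-university.test
Subject: Agenda for Thursday's meeting
Content-Type: text/plain; charset="utf-8"

Attached is the agenda. See you Thursday.
"""

SOFT_OPENINGS = {"are you available?", "are you in the office today?", "hi", "hello"}


def domain_of(address):
    """Return the lower-cased domain of an address header value, or '' if none."""
    _, addr = parseaddr(str(address))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_message(raw, expected_domain=EXPECTED_DOMAIN):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []

    from_domain = domain_of(msg["From"] or "")
    reply_domain = domain_of(msg["Reply-To"] or "")

    # A "Dean" writing from outside the institution's domain is the spoof itself.
    if from_domain and from_domain != expected_domain:
        warnings.append(f"From domain {from_domain!r} is not {expected_domain!r}")

    # Reply-To pointing at a different domain than From routes replies to the attacker.
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    # The generic "soft opening" subject line used to test for a live respondent.
    subject = (msg["Subject"] or "").strip().lower()
    if subject in SOFT_OPENINGS:
        warnings.append(f"Soft-opening subject: {subject!r}")

    # Links whose visible text is itself a URL but whose real host differs from it.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if text.startswith(("http://", "https://")):
                shown, real = urlparse(text).netloc.lower(), urlparse(href).netloc.lower()
                if shown != real:
                    warnings.append(f"Link shows {shown!r} but points to {real!r}")
    return warnings


if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE_MESSAGE), ("CLEAN", CLEAN_MESSAGE)):
        print(name, check_message(raw) or ["no warnings"])
```

Each warning maps to one item in the checklists above; none of them is proof on its own, since legitimate mail also uses Reply-To and mailing lists rewrite headers, which is why the article’s advice to confirm by phone and follow procedure still applies to anything the script flags.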
Check the latest phishing alerts on the Information and Security Compliance website.
Remember: Information Security Starts With You!