skip to content
  • Calendar
  • Maps

Phishing Attempt (02-19-2019 and 04-15-2019) BEC Phishing Emails 

What is Phishing?

Phishing (pronounced "fishing") is probably the most common form of social engineering we see at the University. Phishing is a kind of identity theft that is growing in popularity amongst hackers. Phishing emails will typically contain a statement that something is going to happen to your account if you don't act now, which usually involves clicking on a link to a page where you are requested to provide your username and password and sometimes more. Phishing is using email or social skills (social networking) to trick you into providing personal/financial information, most commonly passwords and credit card numbers, to gain access to your accounts and steal more data or money. By using fraudulent websites and false emails, perpetrators attempt to steal as much information as you are willing to give them.

Business Email Comprosmise (BEC), also known as man-in-the-email scam, is a type of a scam that utilizes social engineering to trick and scam employees and executives in a company. They will impersonate higher level management in order to make wire transfers, give credit card information, write a check, or even purchase a gift card. To learn more about this type of social engineering, please check out these articles: article 1 and article 2.

To learn more about phishing attacks, and how to protect yourself from them, please visit our phishing information page.

Attempt Information

From: There are actually two waves of fraudulent mail from @my[.]com sender addresses posing as faculty deans, sent to other faculty and additionally spoofed email addresses with @gmail.com
Date: multiple
Subject: Are you on Campus?
To: staff and faculty
 

This is an on going Business Email Compromise (BEC) type of phishing email that we have been dealing with for some time now. BEC, formerly dubbed as Man-in-the-Email scams, attackers rely heavily on social engineering tactics to trick unsuspecting employees and executives.  They sometimes impersonate CEOs or any executive authorized to do wire transfers or financial transactions like requesting gift cards be purchased.  There is actually 5 types of BEC email scams.  You can learn more about this at our website Examples of Social Engineering