We have received reports in recent days of criminals sending email that appears to come from high ranking university officials including the President, Provost and several school deans asking CGU staff members if they are available. If the staff member responds, the scammer may follow-up, continuing to pose as that official, asking them to purchase gift cards on his behalf and send him the card redemption numbers. This is a variation on an old scam, and we are providing these reminders to members of the CGU community:
- Be suspicious of communications with urgent requests from executives. Review the sending email address closely to see whether it is a CGU address. Check with the apparent sender by phone call, chat, or in-person if you are at all unsure. Or send a separate email to the person’s usual email address. Do not reply to the request itself.
- Ignore any request for payment via gift card. “Anyone who demands payment by gift card is always, always, always a scammer,” according to the Federal Trade Commission (FTC). “Gift cards are for gifts, not payments,”
- Verify unusual requests for money (via wire transfer, gift card, or other means) from your supervisor or leadership before acting.
- Please use this guide to report phishing emails to CGU OIT.
In some versions of this scam, criminals send email purporting to be from executives asking for bank account numbers and/or requesting wire transfers. The version we are now seeing at CGU has these new characteristics:
- The request is for gift cards, frequently iTunes gift cards.
- The scammers begin with what is called a “feeler” message. It may simply ask, “Are you available?” If the staff member responds, a follow-up email makes an urgent request for immediate money for an important task.
The sending email address for these fraudulent emails is often a variation on the person’s name, perhaps with a number added, from a personal GMail, Yahoo, or other freely available account. Sometimes it is from a forged CGU address.
Those who report to executives or work in financial or human resources departments are frequent targets. Criminals search online for org charts, contact information on websites, social media posts, and other published information to identify leaders and their staff to target. Such information is widely available for universities such as the Claremont Graduate University.
CGU students, faculty and staff should follow these guidelines when trying to spot a phishing scam:
- Is it from a sender you know? Were you expecting the email? Verify with your friend or co-worker over the phone if you are unsure or if the email seems a bit off.
- Is the sender asking for personal information? Legitimate banks and most other companies will never ask you for personal credentials via email.
- Review the email header information: Do you recognize the sender and their email domain?
Consider the email content:
- Is this message typical for this sender?
- Does the message make sense? Legitimate messages usually do not have major spelling mistakes or poor grammer.
- Hover over links to review the address before clicking: Is the email trying to panic you into clicking a link?
- Don’t click on attachments. Including malicious attachments that contain viruses and malware is a common phishing tactic. Don’t open any email attachments you weren’t expecting.
- Review the signature: Do you recognize the sender’s name or department?
- Don’t believe everything you see. Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
Below are some resources with examples of typical scam messages and additional detail.
- Asked to pay by gift card? Don’t. (FTC, 5/31/18)
- SCAM OF THE WEEK: “The Boss Needs iTunes Gift Cards For Customers… NOW” (KnowBe4 Security Awareness Training Blog, 9/12/18)
- CEO Fraud (KnowBe4)
- Scam victims pay ‘back taxes’ with iTunes gift cards (CNBC, 3/5/18)