As we begin the Spring semester, we would like to remind you to be diligent in watching for phishing emails. Over the last several weeks, OIT has been notified by a number of faculty and staff members who have received messages that appear to come from supervisors. The email will urgently request that the individual purchase a gift card (Walmart, iTunes, etc.). The emails have used an external email address like firstname.lastname@example.org instead of their SMU email address.
The phisher will request that the gift card numbers and pin need to be emailed or texted to the supervisor. These scammers do their research to get the name of the boss and details of his/her employees. Tracing their source is very difficult.
Don’t be fooled!
Below is the sample email exchange in chronological order. Never comply with a request like this and always confirm either in person or with a phone call with the supervisor to make sure this is not a scam. In the example exchange below, Sally ABC is the chair of the Alternative History department of “univ.edu” and was spoofed by the bad guys. Dave XYZ is Sally ABC’s personal assistant.
From: Sally ABC<email@example.com> To: Dave XYZ <firstname.lastname@example.org> Subject: Respond There is something I need you to do. Can you get this done ASAP? I need couple of Walmart gift cards (worth $100) for some a giveaway for a student club. Please get the physical card from the store. I need to send them out in less than an hour. When you get the cards, scratch out the back to reveal the card codes, and email me the codes. I am going into a meeting now with limited phone calls, so just reply my email. Sally ABC Sent from my iPad ----------------------------- Subject: Re: Respond From: Dave XYZ <email@example.com> To: Sally ABC<firstname.lastname@example.org> Sally, Find below the codes below: Xxxxx 12234 xxxyyy Abcde 12345 12344 Sent from my iPhone ------------------------