February 18, 2016
Cal Lutheran faculty and staff have recently been very smart in avoiding malicious or scam emails. For purely altruistic reasons ITS staff are hoping the trend continues. We are however seeing a rise in a different kind of scam email, which necessitates sharing with the Cal Lutheran community. The “Business Email Compromise” or “Executive Phishing” emails are sophisticated scam emails, appearing to come from a department head or executive, asking for a funds transfer, personnel information or student information. The perpetrators do their homework on the institution’s website and find out reporting structures and other details to make the email look legitimate. Contrary to most scam emails originating abroad, these emails are generally grammatically correct, making them harder to distinguish from legitimate emails.
As always, be mindful of information requested via email, even if it looks like an odd but legitimate request. These emails may ask faculty for student rosters, Business Office personnel asked for a funds transfer or HR personnel asked for personnel records. According to the FBI, these types of emails have scammed more than 7,000 US companies as of January.
In dealing with suspicious looking emails:
- If you know the sender contact the sender via email or phone to verify the request.
- Delete or forward to the Cal Lutheran Help Desk (see below).
- Hover your mouse pointer on a provided link to verify the destination matches the link.
- Click Reply to the message to make sure the recipient is the same as sender. In scam emails, the reply-to address is different than the sender’s.
- Although tempting, do not reply with vulgarities or witticisms.
If you have questions about this subject or any other technical matter, please call the Help Desk at (805) 493-3698 or e-mail to firstname.lastname@example.org.
As a reminder, ITS staff will never ask you for your password.