Faculty phishing technique exploits relationships with deans and admins
January 31, 2019
If you are university faculty, you’ve probably already received a few of these phishing attempts. They look like a brief note from your Dean or from the University President, asking for a very quick favor. Because these messages are coming from your admins and often include university-branded signature lines, it is easy to think that these are genuinely from that person. However, they aren’t. They are a sophisticated phishing scheme to exploit faculty who are eager to please their administrators. Those who reply to these messages will receive a message stating that their Dean is in a long series of meetings that they can’t get out of, but they need to buy a gift card for a party, and can that faculty member buy the gift card for them and send over a scan for them to take to the party?
Several Chapman faculty have shared with me they’ve received these messages. Other messages are also circulating, which are more sophisticated attempts at spoofing campus officials. When one is tired (as one so often is during the first week of classes) and skimming quickly through emails, it is so easy to respond to these messages without looking carefully at their origin. The best way to know that they are fraudulent is to look carefully at the sender’s email address, which might be something like danielejstruppa@gmail.com rather than struppa@chapman.edu. That should be a quick giveaway that it is not a genuine message.
If it’s not clear from looking at the email account of the sender if it is spam, one can also forward the message to abuse@chapman.edu, where the Security team will determine whether or not the message is spam.
As always, if you are concerned because you have received a “phishy” email, you can contact the Service Desk (servicedesk@chapman.edu) for help and guidance.