Alert: Spoofed Emails Circulating Across Campus

December 5, 2018December 5, 2018

Email messages have been circulating across campus recently in which the sender pretends to be someone the recipient knows asking them to purchase gift cards. In some cases, the sender pretends to be a supervisor or colleague to make the message appear legitimate. These types of messages are known as “spoofed emails.”

Email spoofing occurs when a message appears to be sent from someone you know but is actually sent by a malicious attacker. Some of the most common spoofing emails come from someone you know asking you to perform some financial transaction for them. These transactions can include:

Changing banking information
Buying gift cards
Mailing checks.

Vigilance in identifying suspicious messages is the most effective protection against these types of attacks. A primary indicator of a spoofed message is a difference between the known sending address and the address listed in the “reply to” field. This address is most often a non-@duq.edu address that the attacker created. To learn more about identifying characteristics of phishing and spoofing emails, visit duq.edu/phishing.

Faculty, staff and students who have received or responded to one of these messages are asked to report it immediately to the Office of Computing and Technology Services’ Help Desk at help@duq.edu.

For more information about spoofed messages, check out the News and Alerts at duq.edu/safe-computing.