Email scam alert: messages impersonating UB high-level employees


Published November 16, 2018

Scammers are targeting UB employees by sending emails that claim to be from real UB supervisors or high-level employees and ask recipients to make purchases or complete other tasks on their behalf.

While this tactic is being used to target other institutions around the country, the names of real UB employees are being used fraudulently in the "From:" field to make the scam more convincing to recipients at UB.

What does it look like?

Here is a recent example of one of these email exchanges--the full names of UB employees have been removed:

From: Ruth ----
Sent: Friday, November 9, 2018 1:51 PM
Subject: Hi

Could you please email me back? I need a favor.

Ruth

Sent: Friday, November 9, 2018 1:57 PM
Subject: RE: Hi

Hi Ruth,

Of course – how can I help?

Sent: Friday, November 9, 2018 3:10 PM
Subject: Re: Hi

Good to hear from you, hope all is well with you? I need to get three iTunes gift cards for my niece, Its her birthday but I can't do this now because I'm currently traveling. Can you get them for me from any store around you? I'll pay back next week when I get back home.

Ruth

The scammer impersonates a real UB employee in the email’s “From:” field. The email exchange typically begins by asking if the recipient is in the office.

In either the same message or a follow-up message, the sender may claim to be busy in a meeting or traveling and unable to talk on the phone, yet need the recipient to make a last-minute purchase, click a link to read an article, or complete another urgent task.

The scammer typically requests that the recipient make a purchase of some sort, whether buying gift cards, paying an invoice or some other plausible purchase on their behalf.

This is a type of business email compromise scam. The FBI has more information about business email compromise scams on their website.

Signs of a fraud

While these fraudulent emails can be convincing, there are often indicators that they are not legitimate. As in many phishing attempts, there are often glaring spelling or grammatical errors.

Like other phishing attempts, these messages rely on a sense of urgency to convince the victim to act quickly, without thinking critically. In this case, additional pressure on the recipient to act is applied by impersonating a supervisor or high-level employee.
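One way a mail administrator could screen for the pattern described above (a real employee's name in the "From:" field combined with urgency cues), as an added example that is not part of the original alert. It assumes the impersonating message is sent from an address outside the institution's domain; the domain `example.edu`, the staff names and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the alert): the institution's mail domain and a
# directory of staff display names, both placeholders.
ORG_DOMAIN = "example.edu"
STAFF_NAMES = {"ruth example", "sam placeholder"}

# Pressure cues drawn from the wording the alert describes.
CUES = [r"\bgift cards?\b", r"\bfavor\b", r"\btravell?ing\b",
        r"\bin a meeting\b", r"\binvoice\b", r"\bin the office\b"]

def triage(raw):
    """Screen one RFC 5322 message for staff-name impersonation plus cues."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Exact domain or a true subdomain counts as internal; lookalikes do not.
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    known_name = " ".join(name.lower().split()) in STAFF_NAMES
    # Only single-part text bodies are scanned in this example.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    cues = [m.group(0) for p in CUES if (m := re.search(p, text))]
    impersonation = known_name and not internal
    return {"impersonation": impersonation, "cues": cues,
            "hold": impersonation and bool(cues)}

# Constructed sample messages (not real mail).
FIRST_CONTACT = ("From: Ruth Example <ruth.example.office@mail.example.net>\n"
                 "Subject: Hi\n\nCould you please email me back? I need a favor.\n")
FOLLOW_UP = ("From: Ruth Example <ruth.example.office@mail.example.net>\n"
             "Subject: Re: Hi\n\nI need to get three gift cards for my niece "
             "but I can't do this now because I'm currently traveling.\n")
LOOKALIKE = ('From: "Ruth  Example" <ruth@example.edu.mail.test>\n'
             "Subject: Hi\n\nAre you in the office?\n")
LEGITIMATE = ("From: Ruth Example <rexample@example.edu>\n"
              "Subject: Agenda\n\nThe agenda for Monday is attached.\n")

if __name__ == "__main__":
    for label, raw in [("first contact", FIRST_CONTACT), ("follow-up", FOLLOW_UP),
                       ("lookalike domain", LOOKALIKE), ("legitimate", LEGITIMATE)]:
        print(label, triage(raw))
```

A message that is held this way still needs a person to confirm the request with the named sender through a separate channel, since a name match alone cannot tell a colleague's personal account from an impersonator.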

I received an email like this. What should I do?

If you received a similar email, do not reply. Instead, report it to UB's Information Security Office. You can find out how to report a fraudulent email on the UBIT website.