CEO Impersonation Hoax

Submitted by stauffeg on

Our campus continues to be targeted by malicious emails that impersonate campus colleagues in an attempt to receive gift cards or other types of payments. One such email appeared to come from a colleague in an upper-level management position and requested that the recipient buy gift cards and send pictures showing the PIN. If you receive a suspicious email from a colleague, rather than reply to the email, you should first contact the colleague via their published campus phone number which can be found in CU Search.

If you did reply to one of these emails and provided financial information or other personal information, please call the IT Service Center at 303-735-4357 during normal business hours. You are also welcome to alert OIT of suspicious emails by attaching them to a new email addressed to phish@colorado.edu. For more information about the IT Service Center, including hours, please visit the IT Service Center’s webpage.

Following is an example of one of the malicious messages:

___________________________________

Subject: RE: Are you on campus

Hi Jim,

What I need is Google Play Gift card of $500  face value, I need 2 of this amounting to $1000.I need you to get the physical card, then you scratch the back out and take a picture of them, attach the pictures showing the pin and email it to me here. How soon can you get this done?

Regards,

Susan

Sent from my iPhone

__________________________________

Be Aware

  • If you ever receive a suspicious email, do not reply or click any links or open attachments.

  • You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.

  • It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.


 Learn More

Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by following the steps on the Reporting Suspicious Messages page. There you will also find a link to a site that lists recently reported phishing attempts.
 
If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone). Learn more about the IT Service Center.