Phishing Alert - CEO Fraud Email
Information Security has observed a new sophisticated phishing attack commonly referred to as Business Email Compromise or CEO Fraud.
This style of phishing attack incorporates spoofing the sender's address so as to appear as if it is being sent from an authentic WPI.EDU email address. This is a social engineering scam in which cybercriminals are spoofing company email accounts and impersonating executives or colleagues in an attempt to execute unauthorized wire transfers, collect confidential tax information, or even request the purchase of gift cards.
These fraudulent emails look perfectly legitimate but when you reply, the address will change to "email@example.com" or some other non WPI.EDU Email address. Please do not engage the fraudsters and report these messages to firstname.lastname@example.org or email@example.com.
Do not reply to the message. Please report suspicious email to the IT Service Desk.
An example email of a spear phishing attempt
When looking at the sender, note that the address is not a legitimate WPI address
Posted: 11 June 2019, 8:15 PM
Start: 11 June 2019, 7:30 PM