Phishing Alert - CEO Fraud Email

Information Security has observed a new sophisticated phishing attack commonly referred to as Business Email Compromise or CEO Fraud.


This style of phishing attack incorporates spoofing the sender's address so as to appear as if it is being sent from an authentic WPI.EDU email address. This is a social engineering scam in which cybercriminals are spoofing company email accounts and impersonating executives or colleagues in an attempt to execute unauthorized wire transfers, collect confidential tax information, or even request the purchase of gift cards.


These fraudulent emails look perfectly legitimate but when you reply, the address will change to "" or some other non WPI.EDU Email address. Please do not engage the fraudsters and report these messages to or

Action Needed

Do not reply to the message. Please report suspicious email to the IT Service Desk.


Image of an email spear phishing attempt

An example email of a spear phishing attempt

Image of a the email to field showing that this address is not legitimate

When looking at the sender, note that the address is not a legitimate WPI address


Posted: 11 June 2019, 8:15 PM

Start: 11 June 2019, 7:30 PM






11 June 2019

7:30 PM


11 June 2019, 8:15 PM


Alumni Emeritus Faculty Staff Students