In recent months we've seen an increase in email that has the name of a staff member, usually a supervisor or director, on it but is from an unknown email address. Anyone can put any name they like on an email account, so it's very hard to prevent this. However they tend to send phishing email like this in an attempt to steal money. A previous previous blog entry described how payroll phishing works. But the problem is beyond that. Here's an example of one where there was an initial email asking if the person was available. If they answered, it was followed up with another instructing them to buy gift cards. See below:
I’m heading into a meeting for the next hour, so just reply my email. I want to surprise some of the staffs with gift cards today,I want you to keep this between us till they get it.I need you to get me 4 Target Gift Card of $500 face value each and amounting to $2000
get the physical cards, then you scratch the back out and take pictures and attach the pictures showing the pin and email it to me here. I intend to dispatch via email.
Can you get on this right away?
Note the poor grammar and the sense of urgency that is displayed in the message. This should raise your antenna immediately. No one here would ask that such a strange task would be done either. If you get an email that doesn't seem to add up, especially if it is marked as external, please contact the supposed sender by other means (i.e. phone call or face to face) to verify before doing anything. Send it to the IT Help Desk as well so that it can be checked on and to see if others got it as well. We can help block and pull back some these messages if needed. As always, please be vigilant when dealing with email.