ADVISORY: Phishing emails targeting university financial information via fraudulent wire transfer requests
3/3/15 update: This article describes similar phishing emails that resulted in significant financial losses at a Nebraska company: Company loses $17m in email scam (The Guardian)
This information was sent the U-M IT Security Community via email on March 3, 2015.
Hello IT Security Community,
University staff are being targeted by criminals who are sending fake emails asking them to send university finances via wire transfer to accounts owned by the criminals. We saw a few of these phishing emails here at U-M late last year and received reports of additional phishing emails over the past two weeks.
We have been informed by threat intelligence services, as well as trusted colleagues at other academic institutions, that many colleges and universities are receiving similar fake emails purporting to come from executives at their institution such as their university president, vice-president, General Counsel, or others. The fake emails, which are usually brief and appear at first glance to be genuine, attempt to convince the recipient to share sensitive information about financial transactions (see an example below).
Please remind staff you work with to be wary of emails that ask them to share or provide sensitive information, including financial information. If you or those you work with are unsure about the authenticity of a request, we recommend that you verify the request by phoning the person the email appears to be from. In addition, you should forward suspicious messages to firstname.lastname@example.org.
- Protect Yourself & the University from Spear Phishing (Safe Computing)
- Spam, Phishing, and Suspicious Email (Safe Computing)
The following is an example of a fraudulent email that was received at U-M last year:
Good day, hope you are having a nice day. Please i will need you to take care of a bank transfer for me today. Let me know the required information needed for you to process the Wire transfer.
[president's full name]