Tech Tips: Email Scams

April 9, 2019

Tech Tips GraphicWe’ve seen an increase in instances of a new email scam.  The scammers are impersonating high-level executives at Duke –including our own dean!  It’s a new scam designed to obtain gift cards.

So, do these things really work?  You bet – and cyber criminals are getting more creative in how they are trying to scam us.  Here’s what to look out for … 

 

But first, here’s our Tech Tip of the Week –

YouTube.  We all use it.

Ever started watching a YouTube video and you wanted to skip to the good part?  Here’s a great way to quickly skip ahead and back:

  • Open a YouTube video (skip the ad);
  • Use the number keys to skip back and forth:
    • Press 2 to go to the 20% mark
    • Press 5 to go to the halfway mark
    • Press 8 for 80%
    • Press 0 to start over

You get the idea – try it out!

 

Email Scams

Back in the day, we were all getting really good at spotting spam email.  Misspelled words, bad grammar – some of them were funny at just how bad they were.  But now, cyber-criminals are getting more sophisticated in how they try to scam you. 

One of the latest techniques they are using is to send an email message impersonating a busy executive, usually your boss or instructor.  It begins innocently enough with a “feeler” message – no phishing attempts, no links to click.  Just a simple:

Are you available?

It looks legit.  The scammer even uses the same email signature of the executive.  If you respond, you’re “hooked” and the sender goes in for the scam.  

 

Buy some iTunes gift cards

If you take the bait and respond, the scammer replies (as your boss or faculty member) that they are really busy and need you to purchase some iTunes gift cards to give to donors, staff or some other VIP – and they need them quickly.  If you follow through, they’ll eventually ask you to scratch the redemption codes and send them via email.  

This scam is working!  There have been cases where recipients have used their own personal funds to purchase iTunes cards for someone they thought was their boss.

The criminals are getting better at their attempts.  Using publicly available resources, such as on-line directories, they research the reporting structures of large organizations and take the time to craft a message that is convincing.

 

What if you receive one?

First, just remember that it’s doubtful a Duke executive would make a request like this.

Still, these emails look legit.  If you are unsure, do the following:

  • Be suspicious of urgent email requests from executives to purchase gift cards.  
  • Look at the sender’s email address.  It will probably have some variant of the name of the person they are impersonating, but it won’t be a real Duke email address (<name>@duke.edu). 
    • If it’s a scam, it will be something ending in gmail.com, yahoo.com or some other non-Duke source.
  • Call the (supposed) sender to verify they actually sent it. 
  • As always, we appreciate your forwarding a copy to citdl@mc.duke.edu for further analysis.
 

Going deeper…

It used to be fairly easy to spot a phishing email.  

Now, the cyber-criminals are getting personal and we expect to see more realistic email scams in the near future.  Be on the lookout for fake family emergencies, bogus job offers and other creative work- or school-related scams.  These crimes are becoming more difficult to trace, which will increase their effectiveness.

Your email inbox is like your phone – if you don’t recognize the source of the message, verify before trust.

 

Have any questions about this or other tech used at DUSON?

As always, if you have any technical questions or problems, please contact your IT Service Desk at 919-684-9200, or email to citdl@mc.duke.edu.

Scroll back to top automatically