Information Security wants to make you aware of an active, persistent scam that is targeting the University as well as many other institutions. These types of email scams use messaging to press a recipient to act quickly, usually asking the recipient to purchase gift cards for a manager who has no time to talk.

This scam has successfully persuaded a number of individuals at the University to take action with negative consequences over the last couple of months.

Initial scam email

The typical exchange is an initial feeler email, impersonating a manager or supervisor to lure the target to respond.

Characteristics of the email are:

  • Short subject, such as “Are you available?” and “Urgent favor,” and short message intended to evade spam/phish filters
  • Impersonating someone the recipient knows, usually someone in a position of authority
  • Sense of urgency
  • Sender claims to be unavailable to talk or clarify
  • Sending email address does NOT match that of the person being impersonated
  • The Reply-To email address usually differs from the sending one.

Example:

From: Dean Smith <officeexec.mails@inbox.lv>
Sent: Thursday, September 6, 2018 11:20 AM
To: Jane Doe <redacted@uchicago.edu>
Subject: Favor

Let me know when you are available. There is something I need you to do.
I am going into a meeting now with limited phone calls, so just reply my email.

– Dean Smith

Follow up email

If the recipient responds, the next email has more detail and presses the recipient to take action. A typical request is for the recipient to purchase iTunes gift cards, scratch off the back to reveal the codes, and reply with a picture of the cards and codes.

Example email after recipient responds:

The type of card I need is Apple iTunes gift cards. $100 denomination,
I need $100 X 10 cards. When you get the cards, Scratch
out the back to reveal the card codes, and email me the codes. How soon
can you get that done? Its Urgent.

Sent from my iPad

Protect yourself

  • Be suspicious of communications with urgent requests from executives.
  • Review the sending email address closely to see whether it is a University of Chicago address.
  • Check with the apparent sender by phone call, chat, or in-person if you are at all unsure.
  • Send a separate email to the person’s usual email address.
  • Do not reply to the request itself.
  • Verify unusual requests for money (via wire transfer, gift card, or other means) from your supervisor or leadership before acting.
  • Report emails impersonating people at the University by sending them to security@uchicago.edu. IT Security staff are able to take some actions to block and report these.
  • View samples of the latest phishing scams sent to campus users: https://security.uchicago.edu/phishing/latest/
  • Familiarize yourself with how to identify other email scams at: https://security.uchicago.edu/phishing/

Please feel free to pass this message along as you deem appropriate.

Sincerely,
Jim Clark
Director of Information Security
IT Services
6045 S. Kenwood
Chicago, IL 60637
773.702.2378