Skip to content

Email impersonation targets Duke

The IT Security Office has received an increase in email impersonation fraud where attackers request eBay gift cards. Emails are spoofed to appear to come from someone at Duke but are actually from an external account and target employees’ Duke and personal email addresses.

Often, the attacker will attempt to move the conversation to text. The scammer’s goal is to get the victim to purchase gift cards and send them the codes. Duke staff, faculty and students should report any suspicious emails using the "Report Phish to Duke" button in the OWA / Outlook clients to facilitate automated investigation and response. 

If you received a message like this and replied with any personal information, money or gift cards, please contact the IT Security Office at

Read more about email impersonation fraud.