E-mail Impersonation Fraud (Update)

August 2, 2019

The IT Security Office has seen a recent increase in reports of email scams where attackers impersonate Duke faculty and staff, asking other employees to purchase gift cards or make wire transfers.
These emails usually appear to come from staff members in management positions and follow the same general format:
1. The attacker registers an email address with an external email provider (such as Gmail) that appears as if it may be a personal email account for the person being impersonated.  
2. Using publicly available information to determine targets, the attacker sends a message to users they suspect may work with the person they're impersonating. These messages are usually simple in nature and ask a question such as "Are you available?" or "May I ask a favor of you?".
3. If the user responds to the message, the attacker will respond to begin the fraud. Typically, this will lead to them asking for money to be transferred or for gift cards to be purchased.
Any email message from a Duke employee not originating from a duke.edu email address should be treated with suspicion. As always, any suspicious message can be reported to security@duke.edu for evaluation.

What to look for: the email

Screenshot_2019-08-02 Mail - Niko Bailey - Outlook.png