To: Graduate students at the University of Waterloo
From: Jason Testart, Director, Information Security Services
Date: Thursday, April 6, 2023
Subject: Malicious supervisor impersonation emails targeting graduate students
Malicious supervisor impersonation emails targeting graduate students
April 6, 2023What is happening? There has been a recent increase in the number of malicious emails being sent to members of the University community, specifically Graduate students, from scammers impersonating faculty members and asking for help purchasing gift cards.
What should I do if I have received this email? Suspected phishing and malicious emails should be reported to the Security Operations Centre at soc@uwaterloo.ca; be sure to forward the email as an attachment. Reports of successful fraud should be directed to the University of Waterloo Special Constable Service at uwpolice@uwaterloo.ca.
How do I know if an email I received is an imposter email?
- Initial message is very brief - The first message from the attacker is usually one line (e.g., "Are you free?", "Let me know if you're free right now"). Follow up messages then ask the recipient for help in purchasing gift cards as they are busy or in a meeting, and include a request to send the gift card serial number and other information immediately.
- Look at the sender email address - Click on the sender or hold your finger on the name of the sender. If it's external and you don't recognize it, then it's likely a scam.
- Verify with the real source - If you receive a suspicious email supposedly sent by a member of the faculty or another department, find their actual contact information and reach out to them directly. Do not reply to the original message.
Learn more about cyber security best practices.
Questions or concerns? Contact the IST Service Desk, helpdesk@uwaterloo.ca or ext. 44357.
Jason Testart
Director, Information Security Services
Information Security Services