The University is seeing an increase in malicious email known as “Imposter email threats” across campus.
What is it?
Imposter email threats are a class of financial phishing email where the sender of the email is pretending to be a senior executive of an organization.
Also known as “business email compromise” and “CEO fraud”.
How does it work?
The imposter will target employees at the institution requesting an urgent payment or wire transfer be made.
The imposter may claim to be indisposed (e.g., at a conference, in a meeting) and making the payment in this fashion is, as a result, the only way. Email replies from the recipient to the imposter will be answered.
Review before reacting
These emails will usually show a valid display name (i.e., who the email is from), but will use an off-campus address. Be sure to verify the sender’s email address before replying to any suspicious email. Some common methods include:
- Review the display name: It may show the suspicious email address, not an actual name
- Hover your cursor over the email display name: You may then need to hover over the envelope icon
- View the sender contact information: Click the (circle) icon beside the sender’s display name and view their contact card
Are you an easy target?
Checking and replying to email from our mobile devices, while convenient, may encourage us to react more immediately to the urgency of the imposter email. It is also almost impossible to verify the sender's email address from a mobile device. Confirm the sender and the request before reacting.
Have you been targeted?
If you believe you have been a target of Imposter Email or some other form of financial phishing, please contact the Information Security team by email at soc@uwaterloo.ca or by telephone at ext. 41125.
When forwarding email samples, please follow these directions to ensure the team receives the detailed information required for analysis.