What is a Joe Job?

When discussing or reporting malicious email, you may hear the term "Joe Job." This means that somebody has pretended to have an email address that they don't actually control, generally to try to trick the recipient into opening or taking seriously an email they might otherwise ignore. This is possible because the protocols underlying email, such as Simple Mail Transfer Protocol (SMTP), were defined before Internet security was considered to be very important.

There are certain protections organizations may undertake to defend themselves against their own domain(s) being Joe Jobbed or otherwise spoofed, but these are not completely effective and have largely not been fully implemented at Waterloo for historical reasons.

Identifying a Joe Job

  • If somebody fakes your email address in the From field of one of their emails (often spam), you may receive a large number of notifications that an email you did not send was undeliverable.
  • It is also possible that if you receive a large number of such notifications, your email account has actually been compromised.
  • You cannot trust the From address that appears in your mail client, so you may find you are the recipient of a Joe Job. If you suspect that somebody has been impersonating somebody else with a University address, it is best to contact that individual by emailing them directly (do not reply to the suspicious email).
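
The first two cases above look the same from the inbox, which is why the full headers of the notification matter. The following is an added example, not part of the original page: it reads the headers of the original message returned inside a bounce and checks where that message entered the mail system. The sample bounce, the addresses, the host names and the function name `triage_bounce` are all constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample bounce; every host and address here is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: jdoe@example.edu
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed: user unknown.

--b1
Content-Type: text/rfc822-headers

Received: from host7.example.org (host7.example.org [203.0.113.7])
\tby mx.example.net; Mon, 1 Jan 2024 10:00:00 +0000
From: "J. Doe" <jdoe@example.edu>
Subject: Cheap offers

--b1--
"""

def triage_bounce(raw, my_address, my_mail_hosts):
    """Classify a bounce as 'spoofed', 'possibly-compromised' or 'unrelated'."""
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # only the headers were returned
            original = email.message_from_string(part.get_payload())
        elif ctype == "message/rfc822":         # the whole message was returned
            original = part.get_payload(0)
        else:
            continue
        if parseaddr(original.get("From", ""))[1].lower() != my_address.lower():
            return "unrelated"
        # The last Received header is the oldest hop. Assumption: mail really
        # sent from the account enters through one of my_mail_hosts. Hops below
        # the first trusted server can be forged, so treat this as a hint only.
        hops = original.get_all("Received") or [""]
        if any(h.lower() in hops[-1].lower() for h in my_mail_hosts):
            return "possibly-compromised"
        return "spoofed"
    return "unrelated"

if __name__ == "__main__":
    print(triage_bounce(SAMPLE_BOUNCE, "jdoe@example.edu", ["smtp.example.edu"]))
```
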

Reporting compromised accounts

Your personal account has been compromised

Should you receive a large number of undeliverable email messages, please forward several samples of these notification emails, with full headers or as an attachment, to soc@uwaterloo.ca for further analysis.

You suspect a UWaterloo account has been compromised

If you suspect that somebody has been impersonating a University address, it is best to contact that individual by either emailing them directly (do not reply to the suspicious email) or by contacting them through some other means (e.g. in person, by telephone). Please forward the original message as an attachment to soc@uwaterloo.ca.