Wednesday, August 7, 2019
What is happening? Over the August long weekend, there was a significant increase in the number of financial spear phishing attempts directed at University employees.
What is Finphishing? A form of phishing done for financial gain, finphishing attempts to have the victim transfer cash or easily converted gift cards to the attacker.
What should you do if you receive such an email?
- Verify unusual requests from your manager. If you've never bought gift cards - or anything else - for that person, consider why you are being asked to do so now. Ask who the merchandise is being bought for.
- Verify the email address. Email clients may display only the text name, not the address, so employees need to look closely.
- Compare the text to other messages for your manager. If spelling, punctuation, or choice of words differs, it is likely an attack.
- When in doubt, verify using a different contact method. Don't ask in the email thread for a phone number. Look it up yourself and call or message the purported manager.
- Be suspicious when you are told you will be reimbursed. If the financial arrangements and payments are not in keeping with normal practice, don't go along with them.
For more information: https://uwaterloo.ca/information-systems-technology-newsletter/fall-2018/feature/finphishing
Questions or concerns? Contact the IST Service Desk, firstname.lastname@example.org or ext. 44357.