Increase in malicious email threats at Waterloo

Thursday, November 22, 2018

Information Systems & Technology (IST) has detected an increase in malicious email known as “Imposter email threats” on campus.

What is it?

  • Imposter email threats are a class of financial phishing email where the sender of the email is pretending to be a senior executive of an organization
  • Also known as “business email compromise” and “CEO fraud”

How does it work?

  • The imposter will target employees at the institution requesting an urgent payment or wire transfer be made
  • The imposter may claim to be indisposed (e.g. at a conference, in a meeting), so that making the payment in this fashion is the only way
  • The imposter will answer email replies from the recipient

Imposter email threats at Waterloo

Actual threats received to date have used the name of one of the University’s leadership. These emails will usually show a valid display name (i.e. who the email is from), but will use an off-campus address. 

Be sure to verify the sender’s email address before replying to any suspicious email.
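The same check (a familiar display name on an off-campus address) can be run over raw From headers. The following is an added example, not IST's own tooling: the protected names and sample headers are constructed placeholders, and the campus domain is taken from the contact address on this page.

```python
import re
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

CAMPUS_DOMAIN = "uwaterloo.ca"  # domain of the contact address on this page
# Constructed placeholder names; a real list would hold the leadership names.
PROTECTED_NAMES = ["Jane Example", "John Sample"]

def name_key(name):
    """Order-insensitive token set: 'Example, Jane' matches 'JANE EXAMPLE'."""
    text = unicodedata.normalize("NFKC", name).casefold()
    return frozenset(re.findall(r"\w+", text))

PROTECTED_KEYS = [name_key(n) for n in PROTECTED_NAMES]

def is_campus_address(address):
    """True only for the campus domain itself or one of its subdomains."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN)

def classify_from(header_value):
    """Classify one raw From header: campus, imposter, external or unparsed."""
    display, address = parseaddr(header_value)
    if "@" not in address:
        return "unparsed"
    if is_campus_address(address):
        return "campus"
    # Display names may arrive RFC 2047 encoded (=?utf-8?q?...?=); decode them.
    display = str(make_header(decode_header(display)))
    tokens = name_key(display)
    # Subset match, so a reordered name or an added title still matches.
    if any(key <= tokens for key in PROTECTED_KEYS):
        return "imposter"
    return "external"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"Jane Example" <jane.example@uwaterloo.ca>',
    '"Jane Example" <jexample.office@mail.example>',
    '"Example, Jane" <jane@mail.example>',
    '=?utf-8?q?Jane_Example?= <president@uwaterloo.ca.mail.example>',
    '"Campus Newsletter" <news@lists.example>',
]
for header in SAMPLES:
    print(f"{classify_from(header):9} {header}")
```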

Verifying the sender’s address

There may be different ways to check the from address of a suspicious email, depending on the email client being used. Some common methods include:

  • Review the display name
    • It may show the suspicious email address, not an actual name
  • Hover your cursor over the email display name
    • You may then need to hover over the envelope icon
  • Click the (circle) icon beside the sender’s display name and view their contact card, as shown here

Are you an easy target?

Checking and replying to email from our mobile devices, while convenient, may encourage us to react more immediately to the urgency of the imposter email. It is also almost impossible to verify the sender's email address from a mobile device. Confirm the sender and the request before reacting. 

Have you been targeted?

If you believe you have been a target of Imposter Email or some other form of financial phishing, please contact the Information Security team by email at soc@uwaterloo.ca or by telephone at ext. 41125.

When forwarding email samples, please follow these directions to ensure the team receives the detailed information required for analysis.
