Information Security


What it is:

The Fake Boss Email scam has been gaining in popularity around the Internet in the last couple of years, and we've seen an increase in these types of attacks at Syracuse University as well.  The scam works like this:

  1. The Research: Bad actors research an organization's publicly available information to determine the names of leaders and their subordinates. Very savvy bad actors will gather additional details to make their scam more believable, like email signature formats, phone numbers, or even names of active programs within a department or school.
  2. The Setup: They will then create a fake email address that may look similar to the manager's email address, such as "jdoe.syr.edu@gmail.com."
  3. The Lure: Their next step is to lure you in.  The bad actors will send you an email that asks things like "Are you there?" or "Can you reply to this email so I know you're around?" 
  4. The Conversation: Their goal is to start an email conversation with you.  They will often claim they are off campus and in a meeting and can't call you, so email is the only way to communicate.
  5. The Scam: After conversing with you, they will give you a story about how they need a task done.  Usually, it revolves around a friend or family member's birthday they need to attend right after their meeting, and they want you to buy some gift cards for them that they will pay you back for tomorrow.
  6. The Loss:  If you fall for this scam, you are often out the money you spent to purchase the gift cards.  Even credit card companies will often not refund your money since you made the purchase yourself.

Example:

There's a great example of this scam on KnowBe4's "Scam of the Week" blog.  It's worth the 5 minutes to read it.

What to do:

  1. Pay close attention to the email address.  If it's not from your manager's address, it should be immediately suspect.
  2. If you're still unsure, call your manager's office and ask if the claim in the email makes sense.
  3. For more assistance, reach out to your unit's IT Support staff or email our team at itsecurity@syr.edu.
  4. Delete the "bad" email address from Outlook.  Outlook may be remembering the bad actor's email address, and you may inadvertently email them the next time you try to email your manager.  Outlook may "help" you by auto-completing your intended address with the bogus one.  Here's how to delete that address from Outlook's autocomplete list.
    1. For Windows
      1. Start a new message by clicking "New Email" 
      2. Start typing your manager's name in the "To" field
      3. You should see a list titled "Recent People" pop up as you're typing
      4. If the fake address pops up, click the "x" next to it to delete it.
    2. For Mac
      1. Start a new message by clicking "New Email" 
      2. Start typing your manager's name in the "To" field
      3. You should see a list titled "Contacts and Recent Addresses" pop up as you're typing
      4. If the fake address pops up, click the "x" next to it to delete it.
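
The address check from step 1 of "What to do" can also be done mechanically, for instance by IT support staff triaging a reported message. The Python below is an added example, not part of the original page or any Syracuse University tooling; the manager directory, the sample From headers and the name check_sender are constructed for illustration, and the check for the organization's domain embedded in a longer external domain goes one step beyond the "jdoe.syr.edu@gmail.com" pattern described above.

```python
from email.utils import parseaddr

ORG_DOMAIN = "syr.edu"  # organization's real mail domain (from the page's example)
# Constructed directory: manager display name -> real address (hypothetical data)
MANAGERS = {"jane doe": "jdoe@syr.edu"}


def check_sender(from_header, managers=MANAGERS, org_domain=ORG_DOMAIN):
    """Return a list of reasons the From header looks like a fake-boss address."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    # An address on the organization's own domain (or a subdomain) is not a look-alike.
    if domain == org_domain or domain.endswith("." + org_domain):
        return []
    reasons = []
    # "jdoe.syr.edu@gmail.com": the real domain only appears before the @.
    if org_domain in local:
        reasons.append("org domain appears before the @")
    # "jdoe@syr.edu.example.com": the real domain is buried in another domain.
    if org_domain in domain:
        reasons.append("org domain embedded in external domain")
    # Display name of a known manager, but not that manager's real address.
    name = " ".join(display.lower().split())
    real = managers.get(name)
    if real and addr != real:
        reasons.append("manager's display name with a different address")
    # External address that reuses a manager's mailbox name.
    for real_addr in managers.values():
        real_local = real_addr.split("@")[0]
        if local == real_local or local.startswith(real_local + "."):
            reasons.append("manager's mailbox name on an external domain")
            break
    return reasons


if __name__ == "__main__":
    # Constructed sample From headers
    samples = [
        '"Jane Doe" <jdoe.syr.edu@gmail.com>',
        "Jane Doe <jdoe@syr.edu>",
        "Jane Doe <jane.d.office@example.com>",
        "Newsletter <news@example.org>",
    ]
    for s in samples:
        print(s, "->", check_sender(s) or "no look-alike indicators")
```

An empty result only means the visible address is not a look-alike; an unusual request still warrants the phone call in step 2.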