Email Fraud

TO:  University Employees

FROM:  Derek Masseth, Deputy CIO, Chief Technology Officer, and Interim CISO

SUBJECT:  Email Fraud

UA Information Security has received several reports of fraudulent emails appearing to be sent from campus executives (e.g., President Hart) to individuals who report to them.  These emails differ from widespread spear phishing, in that they identify the individual by name and contain specific requests that the “sender” may legitimately ask of the recipient. This website gives an example of one of the emails received: http://www.bbb.org/western-michigan/news-events/bbb-warnings/2016/w-2-fa...

If you receive an email that appears to be from your supervisor or campus leadership that contains a suspicious request, please verify the contents with the apparent sender.  If the request is fraudulent, please forward the email to UA Information Security (infosec@email.arizona.edu) using one of the following two methods:

  1. Forward the original email as an attachment: Full instructions for forwarding emails as attachments can be found at http://security.arizona.edu/forwarding-phishing-email-attachment-guide.
  2. Send the full email headers:  If you are unable to forward the email as an attachment, please send along the full email headers.  You can go to http://security.arizona.edu/full-email-headers-guide for instructions on displaying and sending full headers.

Thank you for your assistance in combatting email fraud.