We’ve had multiple reports about a spear phishing attack that asks UD staff to process a wire transfer for a specific amount.
The recipient of this message forwarded it to her supervisor to see if it was legitimate or not, and for him to process if it were a legitimate request. It wasn’t. The specific amount of the wire transfer lent some credibility to the scam, but the number of typos and vague language (What is the money for? Is there an invoice number?) makes it pretty clear that this email is a scam.
A foreign hacker researched the UD directory and selected four people to receive this phish. It was designed to start a short con in which each recipient would reply to the phish to receive the account number for the wire transfer and then send the money to the criminal.
What you should do
- Watch your 2017 Secure UD Training to stay informed about threats like this one. This scam is very similar to one described in the “Email, Phishing, and Messaging” module in the Secure UD Training available to UD employees.
- Think B4 U Click! Just spending a few seconds thinking about the email should make you suspicious. Typos. Email from a .lt (Latvia) address. Unexpected request for payment.
- If you see a suspicious email, forward it to firstname.lastname@example.org and discuss it with your supervisor or departmental IT staff. This phish was caught promptly because one of it recipients notified her supervisor and email@example.com.