Security Warning – Calls and Emails Impersonating Vendors: โ€“ June 30, 2016

Lately, there has been a pattern of cybercriminals impersonating as a vendor (e.g. IBM) and contacting staff and faculty in higher education institutions soliciting sales via phone calls and/or emails. Oftentimes, if it is a phone call followed by an email providing you additional information, which contains malware.

An incident occurred at another university which the attacker posed as a very persistent reseller of IBM equipment. The attacker was well-prepared in advance and had identified his target by name and role, and emailed/called him repeatedly over the course of a week to forward a product/price list.

It seems legitimate as the cybercriminals appear to be from known companies, but it is important that we not provide any information or open links and attachments in these emails. Attachments and/or links may contain malware, specifically ransomware. Always check corporate directories for official contact details before responding to unsolicited sales calls or emails.

If you have any questions, please contact security@ubc.ca.