The UBC Cybersecurity team is aware of an ongoing campaign of CEO Fraud currently targeting UBC.
The sender asks the recipient to go and buy a certain number of gift cards (iTunes, Steam, Amazon, etc.) in specific denominations, scratch the back of the cards, then send pictures of the back of the cards to the sender. The sender will always be unavailable to discuss the request via phone or in person and promises that the email recipient will be reimbursed for the gift card purchase. You mentioned that you responded to the email. Did you get a response back? And did you act on it?
In similar, more targeted emails, usually sent to someone in a finance role, the sender attempts to get the recipient to arrange a fraudulent wire transfer.
Where a financial transaction (even gift cards) is being requested, we recommend always getting confirmation by asking the sender in person or via phone (UBC phone number or cell phone, if known) before acting on the request.
The scammers are targeting UBC and not the individual recipients. If anyone falls for the scam, they should not be out-of-pocket for the cost of the gift cards.
If you have received an email meeting any of the following criteria:
1) Purporting to be from the head of unit
2) Asking the respondent for their cell phone number
Please take these important security steps immediately. Do not:
- Reply to the sender
- Provide any personal details
- Click on any links
- Show any interest in what the sender is requesting or promoting
If you have already given away your personal cellphone details:
- Block the sender
- Filter messages from unknown senders
- Register your phone number with Canada’s National Do Not Call List (DNCL: https://lnnte-dncl.gc.ca/en)
- Refer to your cell service provider for their recommendations on combating phishing:
– Rogers – https://www.rogers.com/web/support/internet/phishing/170
– Telus – https://www.telus.com/en/bc/support/article/identity-theft-fraud
Whether you’ve responded to the message or not:
- Forward (as an attachment) any suspicious messages to firstname.lastname@example.org