One of the most frequent and effective techniques that an attacker uses is through social engineering. Social engineering attempts to trick a user into doing something that they should not do, such as revealing sensitive information or processing an unauthorized transaction. Social engineering attacks come in many different forms and a common one is called an impersonation attack. The scammer researches the organization through information that is publically available to identify key individuals, such as, the dean, the provost, or a manager. Once the attacker has this information, they compose an email pretending to be from a Pace community member. The email often appears to originate from the actual Pace community member since the attacker sends from a third party email account with the same display name as the person they are attempting to impersonate. The impersonation email may ask you to fulfill some type of “urgent” request and often the scammer states that they are unavailable to speak. The attacker may ask you to take an action such as placing a wire transfer, purchasing gift cards, or providing sensitive information. The scammer may also attempt to send you text messages to trick you into performing other fraudulent actions.
If you suspect that you have received such a message, please follow the below steps:
- DO NOT reply, provide any information, open any attachments, or click on any links.
- REPORT it by sending the spam/phishing email as an attachment to firstname.lastname@example.org.
- DELETE the spam/phishing email from your Inbox and permanently remove it from your Deleted Items folder.