LEXINGTON, Ky. (Jan. 11, 2019) — Information Technology Services (ITS) has been made aware of a new email scam. This scam attempts to impersonate an executive at the University of Kentucky to request that money be sent in the form of a gift card.
The phishing email has used a Gmail or Yahoo email account that looks similar to the email address of the executive they are impersonating. Example:
From: UK Executive <UKExecutive@gmail.com>
Sent: Wednesday, January 9, 2019 8:37 AM
To: Doe, John <firstname.lastname@example.org>
Subject: Re: Follow up
Are you available?
On Wed, Jan 9, 2019, 2:44 PM Doe, John <email@example.com> wrote:
I haven't made it into the office yet, but if it's urgent you can call me. 1234567
John Doe, UK Employee
On Jan 9, 2019, at 2:45 PM, UK Executive <UKExecutive@gmail.com> wrote:
I'm in a meeting right now and that's why I'm contacting you through here. I should have call you, but phone is not allowed to be use during the meeting. I don’t know when the meeting will be rounding up, And I want you to help me out on something very important right away.
On Wed, Jan 9, 2019, 2:50 PM Doe, John <firstname.lastname@example.org> wrote:
I should be in soon. Let me know when you are out of your meeting.
John Doe, UK Employee
On Jan 9, 2019, at 2:51 PM, UK Executive <UKExecutive@gmail.com> wrote:
I need you to help me get an Amazon gifts card from the store, I will reimburse you when I get to the office. I need to send it so someone and it is very important cause I'm still in a meeting and I need to get it sent Asap.
We ask that you share this warning and remind colleagues not to provide information, click on links or attachments in emails that are unexpected and/or from unfamiliar people, and never send money or gift cards without verifying the recipient. How to detect a potential scam:
- poor syntax and/or grammar;
- an unspecified sender;
- links that ask you to click onto a non-uky.edu address for “secure verification”; and/or
- a fake reply address e.g., UKexecutive@gmail.com, UKexecutive@yahoo.com, etc.
If you use Microsoft Outlook and receive one of these or similar phishing emails, please click on the “Report Message” button in the top right corner of the message window. You can also create a new email message addressed to email@example.com — then, attach the questionable email to inform ITS that a malicious email is circulating.
We appreciate your assistance as we work together to curtail the spread of phishing communications.
UK is the University for Kentucky. At UK, we are educating more students, treating more patients with complex illnesses and conducting more research and service than at any time in our 150-year history. To read more about the UK story and how you can support continued investment in your university and the Commonwealth, go to: uky.edu/uk4ky. #uk4ky #seeblue