Hi all,
I wanted to send a reminder about fraudulent emails that impersonate a faculty or staff member. Since our email directory is (unfortunately) public, scammers will often try to trick recipients by creating an email account on a free email service like Gmail, Outlook, or Yahoo. They will create the account with the same name, but a different email address, as a person in a position of authority here. They impersonations are typically of a department chair or director, a dean, a vice-president, etc.
Below is a screenshot of an email from today that impersonated President Wheeler. As you can see - the 'name' says "Darrell Wheeler" but the from address, which I highlighted in red, is definitely not an @newpaltz.edu email address. It's just a random Gmail address.
The 'caution' banner that indicates it is from an external source is shown at the top of the message though, and in this particular case the message was marked as spam.
How to recognize these scams
These are some of the common red flags for these scams.
- The sender's email address is external: The quickest way is to notice a message from someone purporting to be your department/division/school head, but with an external email address - almost always a gmail.com address.
- Extremely short messages: If you don't notice the sender's address - the initial messages are almost always short. They always ask short questions like "Are you available" or similar messages like that.
- Sense of urgency: There will almost always be cues of urgency. The sender may claim they are busy (due to a meeting, a flight, or other contrived situations) and need help with something.
- Asking for cell to text: After a few messages, they will usually ask for a cell phone so they can text you.
- Asking to buy gift cards: After one or more messages, they will ask you to do them a favor. Typically, they will ask to buy gift cards (with some contrived story about being too busy, in a meeting, travelling, etc. - and forgetting a birthday, anniversary, etc.), with a promise of repayment.
If you receive a message that purports to be from your supervisor or department head or another person in a position of authority here that seems suspicious - try to get in touch with them in-person, or via a phone call if you're uncertain.
If you aren't certain, you can also forward the message to InformationSecurity@newpaltz.edu.
See the articles at the links below for more information on this:
Chronicle of Higher Education: https://www.chronicle.com/article/phishing-scheme-targets-professors-desire-to-please-their-deans-all-for-500-in-gift-cards/
Federal Trade Commission: https://consumer.ftc.gov/consumer-alerts/2021/09/your-boss-isnt-emailing-you-about-gift-card