BEC Scam Email with Subject “Quick assistance needed please” or “Request” | IT Security
What has happened?
We have observed a new wave of scam emails (known as Business Email Compromise or BEC) in NUS. Unfortunately, in some cases individuals fell prey and suffered personal financial loss. Unlike phishing emails, these scams do not require you to click on any link or provide any credentials. Instead, they usually start with an innocuous message like “Are you available” and continue as a plea for help if the recipient replies. Eventually, the scammer will attempt to trick the victim into purchasing iTunes gift cards on their behalf. To add credibility, the emails appear to be sent from someone of authority, like the Head of Department, using a spoofed email address.
What should I do?
DO NOT respond to these emails. Instead, report them using the “Report Phishing” button. You may also contact ITCare at 6516 2080 or itcare@nus.edu.sg.
Do watch the video below to learn how to spot these scam emails and protect yourself.
What should I look out for?
- The RED -External Email- banner.
- The email is sent from a person of authority, e.g. your department’s HOD.
- The email is sent from a spoofed email address with the same name as the person of authority, but from a non-NUS domain, e.g. johntan@outlook.com.
- The email is sent from a domain that looks very similar to nus.edu.sg but with subtle differences, e.g. johntan@nus-edu.sg.
- If you have previously corresponded with the supposed staff, pause to consider the tone and lingo used. If in doubt, always verify using another communication medium.
- The scammer will attempt to trick you into purchasing gift cards (iTunes gift cards especially) on their behalf, stressing the urgency due to certain circumstances.
Here are sample emails for your reference:
Please contact ITCare at 6516 2080 or itcare@nus.edu.sg if you have any questions.
Stay healthy and cyber-safe!