12/06/2018 - DotCIO warning on email spoofing

Thu, 12/06/2018 - 09:38 -- donohm2

There are numerous ongoing attempts to spoof email from Rensselaer faculty, deans, administrators, and staff.

Email spoofing is the creation of a free-email account, such as Gmail, Yahoo or others, under the name of somebody else.  The email address sometimes, but not always, includes the person's name. Often just the name field is forged, since this is displayed by most email clients.

The spoofed email usually asks for a favor, such as purchasing gift cards and sending the card's serial number.  This might be under the pretext of traveling or being unable to leave a meeting, and needing help with some gifts.  But there is no reason for the forgers to limit themselves to this particular scam.

It is difficult to block these since the email address is valid---it was just created under an assumed name, and is being used maliciously.   Therefore the recipient needs to be cautious when they receive an email that appears to be from a legitimate person, but the content seems suspicious, or asks for money, gift cards or requests personal information.

Do not rely on just the Display Name, and beware of email addresses put in the display name.  To see the real email address you may be able to hover over the person’s display name, or your email program can be configured to show the email address in addition to the display name. If the email address is not an @rpi.edu address suspicion is warranted. The key is to be vigilant.  If you suspect something, call the person for verification.  You can also submit a Support Request via https://support.rpi.edu to have IT personnel provide further investigation.  

Any questions on this please feel free to contact Mare Donohue, Help Desk Manager, RPI.