VIP Impersonation Scam
Occasionally, SSCF receives reports of a scam targeting UCSD affiliates. Most frequently, the scammers pretend to be Chairs of departments and target faculty and graduate students, although in principle they can impersonate and target anyone.
This has been reported by at least the Economics, Communication, and Sociology Departments, and reports typically come in from multiple Departments at around the same time. It's likely that one group is harvesting information to target multiple Departments simultaneously.
Features of the scam
The above email is an example of a scam of this variety. Three things are worth noting:
The email uses the name of a UCSD affiliate (often a Department Chair). The scammers often include a signature, which may or may not be the same one that the Chair/affiliate uses themselves (although this one does not). In this particular instance, the affiliate's name has also been spelled incorrectly, which is a major red flag.
The address that the scam comes from is a non-UCSD address, typically gmail.com. These addresses attempt to mimic the affiliate's information, but some are gibberish, e.g. email@example.com.
The body of the email is vague. Sometimes it requests information, as this one does, but sometimes it just asks something like "are you available?". The purpose of the vagueness is to prompt a response from the victim before it's clear that the scammer's intentions are malicious.
How it works
The most important thing to know about this phish is that the scammers are using public information (taken from Blink, department websites, etc.) and unofficial accounts; they have not compromised the accounts of the people they are impersonating, nor those of the people they are targeting, at least not at this point.
A rough analogy to this scam using physical postage would be a scammer using Google Maps or a phone book to identify a random physical address, then sending letters to its neighbors with that address written as the return address to give them the pretense of legitimacy. The scammer does not live at the house they're writing on the envelope, but is lying about their residence to try to trick the recipient into opening the letter.
In both cases, the scammer takes advantage of public information to hide their malicious intentions. In the case of the phish/email scam, once a conversation has been established, victims are less likely to question the identity of the other party, and will sometimes comply with the scammers' demands before they realize something is wrong.
Based on reports from victims who have initially complied with the scam, we suspect that eventually the scammers will direct them to a store and ask them to purchase gift cards. More information about gift card scams can be found here: https://www.consumer.ftc.gov/articles/paying-scammers-gift-cards
What can be done about the scam
Unfortunately, there's little that can be done to proactively stop the scam, since it doesn't rely on anything that SSCF or campus have control over. There are, however, some ways to reduce the impact of the scam and to be on the lookout for it:
Always check the address that an email comes from (don't trust the name on the email). If the address is gibberish -- e.g. firstname.lastname@example.org -- the message is very likely to be illegitimate; however, any mail from a UCSD affiliate not sent from a UCSD address should be met with skepticism.
For campus business, use only your UCSD email address, if at all possible. This allows your colleagues to identify scams like this, and immediately disregard any email impersonating you from an off-campus address.
Always verify requests before providing personal information. If a colleague asks you for your phone number, for instance, start a new email thread by sending a message to their UCSD account asking them to confirm that they need it, or drop by their office in person if circumstances allow it.
Forward emails you suspect to be scams to email@example.com. Emails forwarded to that address help the campus spam filter learn to block the next malicious messages before they reach your inbox.
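The first check above (compare the sender's address with the name shown) can also be automated. The following is an added example, not code from SSCF or campus: it flags a message whose display name resembles a known affiliate, even when slightly misspelled, but whose address is off-campus. The domain campus.example, the directory names and the sample messages are constructed placeholders.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

CAMPUS_DOMAIN = "campus.example"   # placeholder for the real campus mail domain
# Constructed names standing in for a list of Chairs and other affiliates.
DIRECTORY = ["Jordan Rivera", "Priya Natarajan"]

def _norm(name):
    """Lowercase the name and collapse commas, periods and extra spaces."""
    return " ".join(name.lower().replace(",", " ").replace(".", " ").split())

def is_campus_address(addr):
    """True only for the campus domain or a subdomain of it (not look-alikes)."""
    domain = addr.rpartition("@")[2].lower()
    return domain == CAMPUS_DOMAIN or domain.endswith("." + CAMPUS_DOMAIN)

def matched_affiliate(display_name, threshold=0.85):
    """Return the directory name the display name resembles, or None.
    Fuzzy matching also catches slightly misspelled names."""
    shown = _norm(display_name)
    if not shown:
        return None
    scored = [(difflib.SequenceMatcher(None, shown, _norm(p)).ratio(), p)
              for p in DIRECTORY]
    score, person = max(scored)
    return person if score >= threshold else None

def impersonated_affiliate(raw_message):
    """Return the affiliate a message appears to impersonate, or None."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    person = matched_affiliate(display)
    if person and not is_campus_address(addr):
        return person
    return None

# Constructed sample messages.
SPOOFED = 'From: "Jordan Riveira" <chairdept8841@freemail.example>\nSubject: Quick request\n\nAre you available?\n'
GENUINE = 'From: "Jordan Rivera" <jrivera@campus.example>\nSubject: Agenda\n\nSee attached.\n'
STRANGER = 'From: "Sam Okafor" <sam@freemail.example>\nSubject: Hello\n\nHi.\n'

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("stranger", STRANGER)]:
        print(label, "->", impersonated_affiliate(raw))
```

A match is a reason to verify through a separate thread to the person's campus address, not proof of fraud, since affiliates sometimes do write from personal accounts.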
If you have any questions, or are not sure if an email you received is legitimate, please don't hesitate to reach out to your SSCF representative, and we'll be happy to work with you!