Skip to main content

Subject:  Email-based Scams
Submitted for:  Information Technologies & Resources
Submitted by:  UCF Information Security Office

The Information Security Office would like to bring to your attention several email-based scams.

Direct Deposit Scam

In a direct deposit or payment scam, criminals will impersonate employees and request a change to their payroll accounts.  Often these emails come from an external address, but display the employee’s name.  If you should receive such an email, we recommend contacting the employee via phone or in person to confirm the request.  Report the email via the Phish Alert button and do not reply to the sender.

Gift Card Scam

This scam impersonates a fellow employee, or supervisor, and asks the recipient to purchase gift cards for an important business transaction or a special event such as a birthday.  The email directs the recipient to respond with the gift card codes and promises reimbursement later.  In many cases, the sender claims to be busy and unavailable for phone calls, preventing the recipient from verifying the request.  If you receive such an email, we recommend not replying to the sender.  Instead, report it to SIRT.

Holiday Scams

As the holiday season approaches, we expect to see some of the following:

– shipping notifications that appear to be from companies such as UPS, FedEx, or others, claiming that a shipment has been dispatched or a delivery was attempted
– emails sent to employees claiming to be from the payroll department, discussing end-of-year bonuses, or lack thereof
– Black Friday and Cyber Monday “deals” that seem too good to be true
– fraudulent receipts claiming a large purchase was made recently on a credit card
– surveys offering free gift cards in exchange for personal information
– holiday e-greeting cards from unknown senders
– fake charity solicitations

 

It’s important to remain vigilant, view any unusual requests received via email with skepticism, and report any suspicious emails to SIRT.  For more information regarding phishing and ways to report it, visit our phishing page at https://infosecucfitcmsqa.smca.ucf.edu/phishing.

Stay informed on social media.  Follow us on Twitter:  https://twitter.com/ucf_infosec.  We will be posting examples of these scams throughout the month.

If you have any questions or concerns, please visit our website at https://infosecucfitcmsqa.smca.ucf.edu or email us at infosec@ucf.edu.