We want to make you aware of an active, persistent scam that is targeting the District. These types of email scams use messaging to press a recipient to act quickly, usually asking the recipient to purchase gift cards for a manager who has no time to talk.
Initial scam email
The typical exchange is an initial "feeler" email, impersonating a manager or supervisor to lure the target to respond.
Characteristics of the email are:
- Short subject, such as “Are you available?” and “Urgent favor,” and short message intended to evade spam/phish filters
- Impersonating someone the recipient knows, usually someone in a position of authority
- Sense of urgency
- Sender claims to be unavailable to talk or clarify
- Sending email address does NOT match that of the person being impersonated
- The Reply-To email address usually differs from the sending one.
From: Principal Smith <email@example.com>
Sent: Thursday, September 6, 2018 11:20 AM
To: Jane Doe <firstname.lastname@example.org>
Are you available?
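The header-level characteristics listed above can be checked automatically. The following is an added example, not part of the original advisory: it parses a message's headers and reports which of those warning signs are present. The mail domain `district.example`, the staff directory, and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not from the advisory: placeholder domain and directory.
ORG_DOMAIN = "district.example"
STAFF = {"principal smith": "psmith@district.example"}
URGENT_SUBJECTS = ("are you available", "urgent favor")  # from the advisory

def impersonation_flags(raw_message: str) -> list[str]:
    """Return the advisory's header-level warning signs found in a message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    flags = []
    # Display name matches a known staff member but the address is not theirs.
    known = STAFF.get(" ".join(name.lower().split()))
    if known and addr != known:
        flags.append("display-name-mismatch")
    # Sender is outside the organisation's domain.
    if not addr.endswith("@" + ORG_DOMAIN):
        flags.append("external-sender")
    # Replies would go somewhere other than the visible sender.
    if reply_to and reply_to != addr:
        flags.append("reply-to-differs")
    # Short, pressing subject line of the kind listed above.
    subject = msg.get("Subject", "").lower().strip(" ?!.")
    if any(subject.startswith(s) for s in URGENT_SUBJECTS):
        flags.append("urgent-short-subject")
    return flags

# Constructed sample messages (not real mail).
SCAM = """\
From: Principal Smith <office.mgr77@mailbox.example>
Reply-To: exec.desk@inbox.example
To: Jane Doe <jdoe@district.example>
Subject: Are you available?

Are you available?
"""
LEGIT = """\
From: Principal Smith <psmith@district.example>
Subject: Staff meeting agenda

See attached.
"""

if __name__ == "__main__":
    print(impersonation_flags(SCAM), impersonation_flags(LEGIT))
```

A message that raises several of these flags at once deserves the out-of-band verification described in this notice before anyone acts on it.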
Follow-up email
If the recipient responds, the next email has more detail and presses the recipient to take action. A typical request is for the recipient to purchase iTunes gift cards, scratch off the back to reveal the codes, and reply with a picture of the cards and codes.
Example email after recipient responds:
The type of card I need is Apple iTunes gift cards. $100 denomination,
I need $100 X 10 cards. When you get the cards, Scratch
out the back to reveal the card codes, and email me the codes. How soon
can you get that done? Its Urgent.
Sent from my iPad
- Be suspicious of communications with urgent requests from executives.
- Verify unusual requests for money (via wire transfer, gift card, or other means) from your supervisor or leadership before acting.
- Review the sending email address closely to see whether it is a SCCPSS address.
- Check with the apparent sender by phone call, chat, or in-person if you are at all unsure.
- Send a separate email to the person’s usual email address.
- Do not reply to the request itself.
- Report emails impersonating staff from SCCPSS by using the "Report Message" button in Outlook. IT Security staff are able to take some actions to block and report these types of emails.