Display Name Spoofing Scam Hits University Staff

Display Name Spoofing Scam Hits University Staff

Avoid suspicious mail from ‘charlene.chainz@otago.ac.nz’

The University has issued a warning that its staff be careful after a spate of ‘display name spoofing’ scams.

University staff have been receiving emails where the display name is made out to be that of a senior staff member, while the actual email address has no relationship to the person.

The emails usually contain a request to do something, such as “do me a favour”, which may actually involve giving the scammer access to money.

Allegedly some of the emails sent under the name of OUSA President James Heath.

A University Information Technology Services spokesman said automated detection of the emails is “exceedingly difficult” as they are from valid Gmail, or other free email, accounts and their content changes a little bit each time.

Instead, staff were advised to be wary and report these attacks to IT Services so they can be blocked. The IT Services spokesman said staff were told to reply to emails from a computer, rather than a phone or tablet, where they can hover over the sender and show what the address says. “If it doesn't match what you expect (i.e. a University of Otago email address) then you should contact the sender via telephone (not email) to confirm them sending. If you continue to receive emails from the scammer, ignore these by deleting them or creating a rule to delete them.”

“The University of Otago has not been ‘hacked’. It is not the only organisation suffering from these attacks, many other organisations around the world are having problems with these scams,” said the spokesman.

This article first appeared in Issue 6, 2019.
Posted 9:49pm Thursday 28th March 2019 by Esme Hall.