Be on the lookout for executive impersonation fraud

In recent weeks, authorities have become aware of an increasing occurrence of Executive Impersonation Fraud.

Executive Impersonation Fraud involves a malicious actor masquerading as an executive of a company in order to request the transfer of funds to an external account. The attacker may contact the finance department directly, or send the request through an administrative assistant.

The urgent transfer of funds is done by email. The malicious actor uses obfuscation techniques to create a legitimate looking email; however the reply-to address often redirects to another domain or hijacked account.

This type of attack is very sophisticated, and the attacker may have an understanding of relationships and procedures within the department of the target executive. In many cases, the attacker has been able to obtain information from the target executive’s schedule in order to choose a time to send the attack email that would increase the likelihood of success.

At McMaster University, targets for impersonation may include anyone with the authority to request the transfer of a large amount of money.

Tips on how to protect yourself from this scam:

  • Employees who receive requests for the transfer of funds via e-mail must confirm the transaction with the requestor by phone or in person
  • Employees are advised to never reply to emails regarding the transfer of funds
  • Employees are advised to be aware of any requests, behavior or language that is out of character for the sender.

If you believe that you have been a victim of this scam, please contact the IT Security:


Telephone: x28299

Contact McMaster IT Security for more information about this and other internet threats, and how we are working to keep you safe:



Twitter: @McMaster_ITSec (


Telephone: x28299