IT Security Notice: Executive Impersonation

Please note: Deans, Department Chairs, Directors and Managers will never send employees an email asking them to buy iTunes, GooglePlay or similar gift cards.

Executive impersonation fraud is when criminals pretend to be person of authority at the university, and they send an email message requesting iTunes gift cards, or something similar that can be given as a reward or prize. The request is usually for something that is redeemable online with a monetary value of about $100 – $1000.

There have been many reports of this scam in recent weeks, including at other academic institutions, and the frequency seems to be increasing. McMaster IT support providers have been alerted to this issue.

The scam is possible because it is easy to send an email pretending to be someone else. This is called spoofing. The ploy works because people generally want to help others, especially those with some authority in the organization.

The criminals are pretending to be someone of authority at the university, but McMaster accounts or systems have not been compromised. This is fraud, but it is not identity theft. Unfortunately, it is very difficult to identify the sender let alone hold them accountable.

Identify – Report – Delete

Learn to identify when a message is fraudulent. Here are a few things to look for:

The “reply-to” address is not from the @mcmaster.ca domain. Just hover over the sender’s name in the message to see the “reply-to” address. If it is not @mcmaster.ca, it is not a legitimate message.
The signature isn’t quite right. Does the message look just like other messages from this sender?
Language, vocabulary, grammar…these may all be just a little off.
Also, nobody in the organization will send others an email asking you to buy iTunes gift cards, GooglePlay gift cards or anything similar. If rewards or prizes of small monetary value are required for any reason, the decision and authorization for their purchase should be done in person.

If you do receive one of these messages, please report it to is-spam@mcmaster.ca, then delete it.

Republish this Article for Free

Republish this Article

We believe in the free flow of information. This work is licensed under a Creative Commons Attribution-No Derivs 2.5 Canada (CC BY-ND 2.5 CA), so you can republish our articles for free, online or in print.

All republished articles must be attributed in the following way and contain links to both the site and original article: “This article was first published on Daily News. Read the original article.”

<em>Please note: Deans, Department Chairs, Directors and Managers will never send employees an email asking them to buy iTunes, GooglePlay or similar gift cards.</em>

Executive impersonation fraud is when criminals pretend to be person of authority at the university, and they send an email message requesting iTunes gift cards, or something similar that can be given as a reward or prize. The request is usually for something that is redeemable online with a monetary value of about $100 - $1000.

There have been many reports of this scam in recent weeks, including at other academic institutions, and the frequency seems to be increasing.  McMaster IT support providers have been alerted to this issue.

The scam is possible because it is easy to send an email pretending to be someone else. This is called spoofing.  The ploy works because people generally want to help others, especially those with some authority in the organization.

The criminals are pretending to be someone of authority at the university, but McMaster accounts or systems have not been compromised.  This is fraud, but it is not identity theft. Unfortunately, it is very difficult to identify the sender let alone hold them accountable.

<strong>Identify – Report – Delete </strong>

Learn to identify when a message is fraudulent.  Here are a few things to look for:
<ul>
 	<li>The “reply-to” address is not from the @mcmaster.ca domain.  Just hover over the sender’s name in the message to see the “reply-to” address.  If it is not @mcmaster.ca, it is not a legitimate message.</li>
 	<li>The signature isn’t quite right.  Does the message look just like other messages from this sender?</li>
 	<li>Language, vocabulary, grammar…these may all be just a little off.</li>
 	<li>Also, nobody in the organization will send others an email asking you to buy iTunes gift cards, GooglePlay gift cards or anything similar. If rewards or prizes of small monetary value are required for any reason, the decision and authorization for their purchase should be done in person.</li>
</ul>
If you do receive one of these messages, please report it to <a href="mailto:is-spam@mcmaster.ca">is-spam@mcmaster.ca</a>, then delete it.

Media Enquiries

Phone: (905) 525-9140 ext. 24073
Email: comms@mcmaster.ca

The Communications and Public Affairs Office is staffed from 8:30 a.m. to 4:30 p.m. Monday to Friday.

The University has a broadcast quality television studio to facilitate live and pre-recorded interviews with media. Learn more about our experts.