IT Security Notice: Executive Impersonation

Please note: Deans, Department Chairs, Directors and Managers will never send employees an email asking them to buy iTunes, GooglePlay or similar gift cards.

Executive impersonation fraud is when criminals pretend to be a person of authority at the university and send an email message requesting iTunes gift cards, or something similar that can be given as a reward or prize. The request is usually for something that is redeemable online with a monetary value of about $100 – $1000.

There have been many reports of this scam in recent weeks, including at other academic institutions, and the frequency seems to be increasing.  McMaster IT support providers have been alerted to this issue.

The scam is possible because it is easy to send an email pretending to be someone else. This is called spoofing.  The ploy works because people generally want to help others, especially those with some authority in the organization.

The criminals are pretending to be someone of authority at the university, but McMaster accounts or systems have not been compromised.  This is fraud, but it is not identity theft. Unfortunately, it is very difficult to identify the sender, let alone hold them accountable.

Identify – Report – Delete 

Learn to identify when a message is fraudulent.  Here are a few things to look for:

  • The “reply-to” address is not from the domain.  Just hover over the sender’s name in the message to see the “reply-to” address.  If it is not, it is not a legitimate message.
  • The signature isn’t quite right.  Does the message look just like other messages from this sender?
  • Language, vocabulary, grammar…these may all be just a little off.
  • Also, nobody in the organization will send you an email asking you to buy iTunes gift cards, GooglePlay gift cards or anything similar. If rewards or prizes of small monetary value are required for any reason, the decision and authorization for their purchase should be made in person.

If you do receive one of these messages, please report it to, then delete it.
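The "reply-to" check and the gift card warning sign from the list above can also be applied automatically to a raw message. The following is an added example, not part of the original notice; the domain `university.example`, the indicator names and the sample messages are all constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "university.example"  # placeholder; the notice does not state the domain
GIFT_CARD = re.compile(r"itunes|google\s*play|gift\s*cards?", re.I)

def domain_of(header_value):
    """Domain part of an address header, lower-cased; '' if absent or unparsable."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def in_org(domain):
    # Exact match or a true subdomain; "university.example.mail.test" must not pass.
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def indicators(raw_message):
    """Return which of the notice's warning signs this message shows."""
    msg = message_from_string(raw_message)
    found = []
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and not in_org(reply_dom):
        found.append("reply-to-outside-domain")
    text = msg["Subject"] or ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text += "\n" + payload.decode(part.get_content_charset() or "utf-8", "replace")
    if GIFT_CARD.search(text):
        found.append("gift-card-request")
    return found

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Dean Example" <dean@university.example>\n'
    "Reply-To: dean.office@mail.test\n"
    "Subject: Quick favour\n\n"
    "Are you free? I need five iTunes gift cards for a staff prize today.\n"
)
LOOKALIKE = (
    "From: chair@university.example\n"
    "Reply-To: chair@university.example.mail.test\n"
    "Subject: Available?\n\nPlease reply as soon as you can.\n"
)
ROUTINE = (
    "From: chair@dept.university.example\n"
    "Reply-To: office@dept.university.example\n"
    "Subject: Agenda\n\nThe department meeting moves to Thursday.\n"
)
```

A hit is a reason to look more closely at the message, and the absence of a hit does not make a message legitimate.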