Alert - Fraudulent emails

In the past month we have seen an uptick in fraudulent email attacks that are being targeted at NJIT Faculty and Staff. These targeted emails are cyber criminals that are impersonating NJIT executives to trick you into revealing sensitive information in which the criminal can profit from. This new email attack is called CEO Fraud, also known as Business Email Compromise (BEC).

In most cases, the cyber criminals are after money, personally identifiable information, and in some cases want you to open an attachment which contains malware. What makes these attacks so dangerous is cyber criminals research their victims before launching the attack. This makes the email appear to be from someone you know.

A short video summarizing the information below https://youtu.be/CeHBEmH7_r4

Some popular scams that the cyber-criminal will ask for are:

  • Sending a wire transfer or asking for gift cards
  • Updating tax information, direct deposit information, or responding back to the IRS
  • Paying an overdue invoice, rerouting payments

So, what can you do to protect yourself? Common sense is your best defense. Here are the most common clues to look for:

  1. The email is very short (often only a couple of sentences), urgent, and the signature says the email was sent from a mobile device.  It will normally be from a company you do business with or from someone you know.
  2. There’s a strong sense of urgency, pressuring you to ignore or bypass University policies. Always follow work-related policies and procedures, even if the email appears to come from your boss, a Dean or even the President.
  3. The email appears to be work related but uses a personal email address, such as @gmail.comor @hotmail.com.
  4. The email appears to come from a senior leader, coworker, or vendor you know or work with, but the tone of the message does not sound like them.
  5. Payment instructions are provided, but these instructions differ from ones you already received, such as requesting immediate payment to a different bank account.

If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your supervisor and abuse@njit.edu. If you have been targeted at home and you have fallen victim where a wire transfer was made, immediately report it to your bank, then to law enforcement.

If you have any questions about NJIT's cyber security efforts, or need to report an incident, please contact the IST Service Desk at 973-596-2900 or https://servicedesk.njit.edu

Last Updated: January 28, 2019