Beginning on or around January 24, scammers sent a Business Email Compromise (BEC) email message to several people on campus that appears to be from Chase Bank, but was actually a forgery. The subject line reads “Debit Alert.” The body of the email contained a message beginning “You scheduled an automatic bill payment on you credit card” and went on to provide spurious details about a debit transaction, prompting the recipient to click a link if they did not make this payment.
The full message reads:
You scheduled an automatic bill payment on you credit card
Payment amount: $630.00
Effective date: 27/01/2022
Payment authorized on: 28/01/2022
Did not make this payment verify your account information and cancel it
Cancel Payment
If you make this payment between 8 PM ET and 11:59 PM ET, we’ll post your payment for the date you chose, but you can post payment manually.
NOTE: We’ll process this one-time electronic payment as scheduled.
To cancel a payment scheduled for a future date, please click the cancel link above or visit us at chase.com.
This kind of email is difficult to detect and block with security tools because it lacks tell-tales such as links or attachments and contains limited text. For that reason, it’s vital that we are all vigilant against and able to recognize them.
Recognizing BEC Email
You can recognize BEC email by some of the classic signs of phishing emails:
- The email From: line contains an address with a domain name other than legitimate sender’s, in this case “Chase Bank <support@gvit.de>” rather than “Chase Bank <support@chase.com>.”
- The tone of the email conveys a sense of urgency.
- The email contains grammatical errors
As in this case, BEC email may also contain a request for your cell phone number, so the impersonator can shift from email to SMS text messages.
What to do if you receive a BEC email message
If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu.
If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice.
If you or someone you know replied to such a message resulting in the loss of funds, report it to:
- Cybersecurity Operations Center (CSOC) at cybersecurity@cio.wisc.edu
- Departmental Leadership
- Departmental finance team (if used university funds)
- The UW-Madison Police Department
- Relevant Banking institution
If you or someone you know responded to such an email and received a text message, ignore them or block them.
Tips for Leadership
Help protect the university and the people in your team, department, unit or division from BEC email scams:
Establish ahead of time how:
- Purchases are to be made and by whom
- You will normally communicate, e.g., only from your @wisc.edu email
- Requests can be verified and by whom
Additional references
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
- https://www.sans.org/newsletters/ouch/ceo-fraud-bec/
- https://www.aarp.org/money/scams-fraud/info-2019/business-email-compromise.html