In a Business Email Compromise (BEC) scam, scammers send a bogus email message in which they impersonate a university leader or colleague. The email asks an employee to contact them for an important task. That “important task” is likely a request to perform an action that results in monetary loss to the employee or the university and financial gain for the scammer. Such scams can also risk the university’s reputation.
On Saturday, October 23, scammers sent a BEC email message to several people on campus that appeared to be from a campus leader’s personal Gmail account but was actually a forgery. The subject line asked recipients to reply with their cell phone number. The body of the email contained only an email signature with the name, title and contact information of the person being impersonated.
This kind of email is difficult to detect and block with security tools because it lacks tell-tale signs such as links or attachments and contains very little text. For that reason, it’s vital that we all stay vigilant and are able to recognize such messages ourselves.
Recognizing BEC Email
You can recognize BEC email by some of the classic signs of phishing emails:
- The email From: line contains an address from Gmail or another free email service rather than an @wisc.edu address.
- The tone of the email conveys a sense of urgency.
As in this case, BEC email may also contain a request for your cell phone number, so the impersonator can shift from email to SMS text messages.
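The signs listed above (a free-mail From: address carrying a leader’s name, urgent wording, a request for a phone number, and a nearly empty body with no links or attachments) can be checked mechanically on a message before a person ever reads it. The script below is an added illustration written for this page, not a tool from UW–Madison or the CSOC; the institutional domain, the free-mail provider list, the leader name “Jane Doe” and both sample messages are constructed assumptions, not real data.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumptions (not from the notice): the institutional domain, a list of
# free-mail providers, and the names of leaders most likely to be impersonated.
INTERNAL_DOMAIN = "wisc.edu"
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com", "icloud.com"}
KNOWN_LEADERS = {"jane doe"}  # constructed placeholder name

URGENCY = re.compile(r"\b(urgent(ly)?|asap|immediately|right away|as soon as possible|important task)\b", re.I)
PHONE_REQUEST = re.compile(r"\b(cell|mobile|phone)\s*(number|no\.?|#)|\b(text|sms)\b", re.I)
URL = re.compile(r"https?://", re.I)
SPARSE_WORDS = 30  # a body shorter than this with no links resembles the signature-only lure

# Constructed sample 1: the style of forgery the notice describes (signature only).
SAMPLE_BEC = """From: "Jane Doe, Vice Chancellor" <jdoe.office@gmail.com>
To: staff@wisc.edu
Subject: Reply with your cell number ASAP

Jane Doe
Vice Chancellor for Example Affairs
University of Wisconsin-Madison
"""

# Constructed sample 2: an ordinary internal message for comparison.
SAMPLE_LEGIT = """From: "Jane Doe" <jane.doe@wisc.edu>
To: staff@wisc.edu
Subject: Agenda for Thursday

Hi all, attached is the agenda for Thursday's meeting. See https://wisc.edu/calendar for the room.
Jane
"""


def bec_indicators(raw):
    """Return the list of BEC warning signs present in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part is not None else ""
    haystack = f"{msg.get('Subject', '')}\n{text}"

    found = []
    # Sign 1: sender is a free-mail address rather than an institutional one.
    if domain in FREEMAIL_DOMAINS:
        found.append("free-mail sender domain")
    # Sign 2: a known leader's name shown on an address outside the institution.
    if domain != INTERNAL_DOMAIN and any(name in display.lower() for name in KNOWN_LEADERS):
        found.append("leader name on external address")
    # Sign 3: urgency wording in the subject or body.
    if URGENCY.search(haystack):
        found.append("urgency language")
    # Sign 4: asks for a phone number or tries to move the conversation to SMS.
    if PHONE_REQUEST.search(haystack):
        found.append("requests phone or SMS contact")
    # Sign 5: almost no content and nothing a link/attachment filter could catch.
    has_attachment = any(True for _ in msg.iter_attachments())
    if len(text.split()) < SPARSE_WORDS and not URL.search(text) and not has_attachment:
        found.append("sparse body with no links or attachments")
    return found


def is_suspected_bec(raw, threshold=2):
    """Flag a message once it shows at least `threshold` independent signs."""
    return len(bec_indicators(raw)) >= threshold


if __name__ == "__main__":
    for label, raw in (("forged", SAMPLE_BEC), ("legitimate", SAMPLE_LEGIT)):
        print(label, "->", is_suspected_bec(raw), bec_indicators(raw))
```

A single sign (a colleague writing from Gmail, or a subject line containing "ASAP") is common in ordinary mail, which is why the verdict requires two or more of them; the list of individual signs is what a CSOC analyst would want to see when the message is reported as an attachment with its headers intact.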
What to do if you receive a BEC email message
If you receive a message like this, you can easily report it using these instructions:
Outlook users:
To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC).
Non-Outlook users:
If you do not see the “Report Phishing” button, then forward the message as an attachment (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.
For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).
If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.
What to do if you replied to a BEC email message
If you or someone you know replied to such a message and it resulted in the loss of funds, report it to:
- Cybersecurity Operations Center (CSOC) at cybersecurity@cio.wisc.edu
- Departmental Leadership
- Departmental finance team (if university funds were used)
- The UW-Madison Police Department
- The relevant banking institution
If you or someone you know responded to such an email and then received text messages, ignore or block them.
Tips for Leadership
Help protect the university and the people in your team, department, unit or division from BEC email scams:
Establish ahead of time how:
- Purchases are to be made and by whom
- You will normally communicate, e.g., only from your @wisc.edu email
- Requests can be verified and by whom
Additional references
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
- https://www.sans.org/newsletters/ouch/ceo-fraud-bec/
- https://www.aarp.org/money/scams-fraud/info-2019/business-email-compromise.html