University of Wisconsin–Madison

BEC Email phish: scammers impersonate leadership

In a Business Email Compromise (BEC) scam, scammers send a bogus email message in which they impersonate a university leader or colleague. The email asks an employee to contact them for an important task. That “important task” is likely a request to perform an action that results in monetary loss to the employee or the university and financial gain for the scammer. Such scams can also put the university’s reputation at risk.

Before COVID-19, we saw scammers use this technique to try to trick victims into buying gift cards from various sources with their own credit cards, on the promise of later reimbursement. Since COVID-19, we’ve seen a number of other attempts, including one that impersonated Chancellor Rebecca Blank in connection with COVID-19 response efforts.

From: chancellor.edu.ku@gmail.com <chancellor.edu.ku@gmail.com>
Date: Tuesday, August 31, 2021 4:13 PM
To: COVID-19 Response <covidresponse@vc.wisc.edu>
Subject: Important

Are you available?

[Placeholder for an image that could not be displayed]

Best Regards

Rebecca M. Blank
Chancellor

This kind of email is difficult to detect and block with security tools because it lacks telltale signs such as links or attachments and contains very little text. For that reason, it’s vital that we all stay vigilant and are able to recognize these messages.

Recognizing BEC Email 

You can recognize BEC email by some of the classic signs of phishing emails:

  • The email From: line contains an address from Gmail or another free email service rather than an @wisc.edu address. 
  • The tone of the email conveys a sense of urgency. 

BEC email may also contain a request for your cell phone number, so the impersonator can shift from email to SMS text messages. 
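The signs above, written as a mail-filter style check and run over the sample message from this page. This is an added example, not UW-Madison's tooling; the free-mail domain list, the keyword patterns and the 40-word threshold are assumptions.

```python
import re
from email import message_from_string

ORG_DOMAIN = "wisc.edu"  # the university's domain, from the page
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # assumed, partial
ADDR_DOMAIN = re.compile(r"[\w.+-]+@([\w.-]+\w)")
URGENCY = re.compile(r"\b(urgent|important|asap|immediately|are you available)\b", re.I)
PHONE_ASK = re.compile(r"\b(cell|mobile|phone)\b[^.?!\n]{0,30}\bnumber\b", re.I)

# The example message shown on this page (image placeholder omitted).
SAMPLE = """\
From: chancellor.edu.ku@gmail.com <chancellor.edu.ku@gmail.com>
Date: Tuesday, August 31, 2021 4:13 PM
To: COVID-19 Response <covidresponse@vc.wisc.edu>
Subject: Important

Are you available?

Best Regards

Rebecca M. Blank
Chancellor
"""

def in_org(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def domains(header_value):
    return [d.lower() for d in ADDR_DOMAIN.findall(header_value or "")]

def bec_signs(raw):
    """Return the set of BEC indicators found in one raw message."""
    msg = message_from_string(raw)
    attached = any(p.get_filename() for p in msg.walk())
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain" and not p.get_filename())
    text = msg.get("Subject", "") + "\n" + body
    # The display name can itself be an address, so use the last one in From:.
    sender = (domains(msg.get("From")) or [""])[-1]
    to_org = any(in_org(d) for d in domains(msg.get("To")))
    checks = {
        "freemail_sender": sender in FREEMAIL,
        "external_sender_to_org": not in_org(sender) and to_org,
        "urgency": bool(URGENCY.search(text)),
        "phone_number_request": bool(PHONE_ASK.search(body)),
        "short_no_links_or_attachments":
            not attached and "http" not in body.lower() and len(body.split()) < 40,
    }
    return {name for name, hit in checks.items() if hit}
```

No single sign is conclusive; a free-mail sender writing to an internal address with a short, urgent, link-free message is the combination the sample shows.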

What to do if you receive a BEC email message

If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu.

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice. 

If you or someone you know replied to such a message resulting in the loss of funds, report it to:

Tips for Leadership

Help protect the university and the people in your team, department, unit or division from BEC email scams: 

Establish ahead of time how:

  • Purchases are to be made and by whom
  • You will normally communicate, e.g., only from your @wisc.edu email 
  • Requests can be verified and by whom

Additional references

Historical UW-Madison awareness on specific BEC campaigns: