A recent phishing scam involved an unknown and nefarious person who sent an email to faculty in my department 'from' one of our departmental colleagues who had an emergency whilst traveling and needed a quick infusion of cash. This scam is surely being repeated in other departments/universities.
The fascinating thing is that this email appeared to be from the only person in my entire department who actually might end up unexpectedly and unannounced in a foreign city and then lose wallet, phone, and everything else and suddenly need money sent. This person is also the only one who is likely to attempt such a transaction entirely by vague email to colleagues.
Given that the basic scenario was actually kind of believable in the case of this particular person, the other fascinating aspect involves how various other departmental colleagues detected the scam. I have conducted an unofficial poll, and there are two strong contenders for the primary red flags:
1. The email opens with a polite statement that says the sender hopes that we and our families are well. Our real colleague would never ask about our families (or us).
2. The email, although not well written, is surprisingly cogent and includes capital letters and punctuation. That would be very uncharacteristic of our colleague.
This made me wonder what would signal a scam email (or blog post) that appeared to be from me but was not really from/by me. Would a giveaway be references to sports or other important American Cultural Icons? Photos of dogs? A poem extolling my fondness for university accounting systems? An ode to faculty meetings?
9 months ago