Gift Card Phishing Scams

Over the past few months, OIT has seen a major rise in phishing attempts where malicious actors attempt to exploit money from UA employees. The emails appear to come from a supervisor or another organization leader, and the emails are directed to an employee in that organization or group. This scam has been occurring at UA for several months, beginning with senior leadership.

The emails begin by the malicious actor engaging employees in an email-only conversation that attempts to convince the employee to purchase gift cards. If you look closely, the “From:” email address is not actually a ua.edu email address, but an alternative email address the actor set up outside of UA.  The email address may appear to come from a UA contact, but it is usually a Gmail, AOL or other external email address that includes the name of the supervisor or leader. Often, the emails have poor spelling and grammar. Additionally, the emails are usually brief and may only be a subject line. Below are a few examples of these emails.


Subject: Hi [NAME OF TARGET]

Good morning,

 Are you in the office? If not please i have an important errand i want you to run for me in the store right now? 

Thanks

Best Regards.

[NAME OF THE SUPERVISOR OR LEADERSHIP]

Executive Director


Subject: Hello Are you in compus


Subject: Hello

Are you available on campus 


Do not be fooled by these phishing emails. Remember to always look at the “From:” address to make sure it is an actual supervisor or leader’s ua.edu email address. If you do receive an email like this, please send a copy to security@ua.edu, and then delete the email.