Join the fight against impersonation emails

There has been a significant rise in the number of impersonation emails being sent to ACU staff recently.

Impersonation emails, also called spoof attacks, mimic the identity of a real person and attempt to influence the receiver in a malicious way. Often, the person being impersonated is in a position of authority over the receiver or in the ACU community, such as executives, directors, or managers.

Common requests from these impersonation emails include instructions to:

• urgently perform a task and reply via email only
• purchase gift cards
• change bank account details for salary payments
• share personal information for other staff, students, or yourself
• pay invoices urgently or transfer funds to an account.

How to identify impersonation emails

While impersonation emails follow many of the same patterns as other phishing emails (e.g. bad spelling and grammar, strange links, urgency), impersonation emails require extra attention to the following:

• Is this email unexpected or from someone you don’t normally interact with?
• Is the email using a staff name, but does not come from their ACU account? (the sender’s address originates from outside of ACU - Gmail, Hotmail, Yahoo)
• Does the email use a generic greeting rather than your name?
• Is the email trying to bypass set university procedures (e.g. not using Tech One to pay invoices)?

What to do if you encounter an impersonation email

If an email seems suspicious, do not reply directly to the email. Instead, send a new email to their ACU address or call them on their ACU phone number and confirm the instructions.

If you suspect or have identified an impersonation email, you can click the ‘Symantec Report Email’ button in Outlook.

This sends a notification to the Cyber Security team, who will investigate and eliminate the email.

What to do if you’ve acted on an impersonation email

If you’ve innocently fallen victim to an impersonation email scam, it can be easy to feel embarrassed and pretend nothing has happened. Impersonation emails are successful because they can be so tricky to identify, so there’s no need to feel embarrassed.

The important thing is to alert the IT Cyber Security team as soon as you suspect something has happened. The ACU Cyber Security has dealt with many impersonation email scams and can help to mitigate the effect of the scam.

Report an incident

If you have fallen for a scam or provided your username/password, report the details via a general enquiry in Service Central. The issue will be triaged and escalated to the relevant directorates (e.g. IT, Finance or HR) to take appropriate actions.

You may also be invited to attend training to help you avoid similar situations in the future.

Don’t hesitate to use the Report Email button any time an email seems suspicious.

For more information on spotting scam emails, join the Cyber Security Workplace group.