sheridan
IT Services

Trust Your Gut, Not “Your Boss”

[Oct. 7, 2019] O.k., you can trust your boss in most instances, but if you receive email from them asking you to buy gift cards you should think twice.

Recently, users at Sheridan and other educational institutions across the country have been targeted by a spear phishing* scam where individuals are asked to purchase gift cards on behalf of a colleague or superior. The scam works like this:

* Spear phishing attacks involve the fraudulent practice of sending emails from a seemingly known sender in order to induce targeted individuals to reveal confidential information, or in this case, purchase gift cards.

Example

From: Janet Morrison < Janet.Morrison @gmail.com>
Reply-To: Janet Morrison < Janet.Morrison@gmail.com>
Date: Wednesday, November 7, 2018 at 2:57 PM
To: NAME REDACTED <REDACTED@sheridancollege.ca>
Subject: Hello

Are you available at the moment?

Best Regards,
Janet Morrison
President
Sheridan College

From: Janet Morrison < Janet.Morrison @gmail.com>
Reply-To: Janet Morrison < Janet.Morrison@gmail.com>
Date: Wednesday, November 7, 2018 at 3:31 PM
To: NAME REDACTED<REDACTED@cmu.edu>
Subject: Re: Hello

I'm tied up in a meeting right now, Can you purchase iTunes Gift Card 3 pieces - $100 each? I would reimburse you when I'm through here, Let me know also I would prefer to call you but I can't receive or make calls during this meeting.

Please, I need this right away.

Thanks
Janet Morrison
President
Sheridan College

What Should You Do?

Although we all want to please the boss, you should never blindly comply with a request like this. It’s always best to confirm face-to-face or via a known phone number if the request is legitimate.

And of course if you ever have questions or concerns about the validity of an email, you can always contact IT Security at itsecurity@sheridancollege.ca.

Further Reading