PRESIDENT AND ADMINISTRATIVE EMAILS

 

Administrative officials such as Presidents, Provosts, and similar authorities at institutions are common targets for impersonation using fake emails to solicit personal information from students and employees.

Once a hacker has access to a trusted ESU account they can access the ESU address list and email all of campus using their choice of malicious email. The phishing example below was meant to leverage a person’s financial interests.

Important Message from School's Finance Office:

The link https://funhill.com.ng/360/ likely directs you to a phishing site.  Avoid it!

A phishing email with a subject of Important Message from School's Finance Office

A common tactic we are seeing is the following format of impersonation: agarrett30.emporia.edu@gmail.com

Official communications usually include custom headers and footers with Emporia State University graphics.

ESU employees usually include a "signature" that includes ESU graphics, detailed contact info, titles and social media.  The sample above is very generic and is a clue that this is a phishing attempt.