Incident Report for Duke IT
This incident has been resolved.
Posted Dec 20, 2018 - 10:12 EST
The Duke University and Duke Health Security Offices are issuing a warning to the Duke community after a sharp increase in email impersonation attacks targeting Duke staff and faculty.

In these phishing scams, attackers set up an email address outside of Duke (such as Gmail) that appears to be a personal email account for the Duke faculty or staff member they are impersonating. The attacker then sends targeted messages to users who may work in the same department as the impersonated faculty or staff member.

The messages often begin with a simple request such as, "Are you available?" If a user responds, the attacker will ask for money to be transferred or for gift cards to be purchased and the activation code provided via email.

A recent example is posted on the Duke Security website:

The Security Offices want to make sure the Duke community is aware of this scam and to be wary about requests that appear to be of similar nature. We continue to take all practical steps to thwart these and other malicious or fraudulent emails, including making adjustments to the mail system to drop messages that appear to be coming from impersonated email accounts. However, we need your assistance, as well, to report when you receive a questionable email message.

If you receive such an email and are asked to purchase gift cards or asked to transfer funds via wire, please do not respond, and report the issue to and your IT support.
Posted Dec 20, 2018 - 10:10 EST