Phishing Alert: Impersonation of McMaster University’s President

Description of Phishing Attempt:

A text message was sent, falsely claiming to be from McMaster University’s President. The message is designed to trick the recipient into responding under the pretense of urgency and familiarity. This type of phishing is known as “CEO Fraud” or “Business Email Compromise (BEC)”, where attackers impersonate high-level individuals within an organization to extract sensitive information or manipulate the recipient into performing actions such as wire transfers or data disclosures.

Screenshot of Phishing Message:

Text of the Message:

[First name] [Last name], Are you free?

[Name of person that is being impersonated]

How to Protect Yourself:

1. Verify the Sender: Always verify the identity of individuals claiming to be someone important, especially if the message seems out of the ordinary.
2. Avoid Immediate Responses: Be cautious of messages asking for a quick response, especially from unknown contacts.
3. Don’t Share Personal Information: Legitimate communications will not ask for sensitive information via text.

Important Notes:

1. Look for Unverified Contacts: Phishing messages often come from unknown or unlisted numbers. Always verify the sender using official contact information.
2. Check for Grammar or Spelling Errors: Many phishing emails contain subtle grammar or spelling mistakes, which can be a sign the email isn’t legitimate
3. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation.