Docs Information Security

Advisory - Email Impersonation Attacks

Image Description
Taube, Dan Published on Aug 11, 2020 

Image by Muhammad Ribkhan from Pixabay

With a sense of urgency, these attacks exploit trust

We want to make the University community aware of an increase in email impersonation attacks. These attacks use impersonation of someone that has a working relationship with the recipient.

What we are seeing

The following illustrates recent attacks that have been reported to

SubjectTask Request
FromReggie Redbird <>
ToDan Taube <>

[This message came from an external source. If suspicious, report to]

Hi, Dan
Do you have any free time now? I need your immediate assistance.

Best Regards,
Reggie Redbird
Illinois State University

Sent from my iphone

Gift cards are the objective

In the majority of cases that we have reviewed, these email impersonation attacks are being used to request the purchase of gift cards. Once purchased by the victim, they will ask for the codes that allow them to electronically transfer the funds.

What to look out for

As illustrated above, there are two key things to look for in these recent attacks:

  1. The banner message that indicates that the email came from an external source
  2. The email address of the sender rather than the display name

However, there are more sophisticated methods that these elements might not be present. You may need to rely on your judgement pertaining to the person they are impersonating. Ask yourself whether the person you know would make such a request over email. If in doubt, call the individual making the request at their University number.

In any case, report it

Whether you know that the message is indeed illegitimate, or you need confirmation, please report the message to and we will review it.

Subscribe to Tech Alerts

This specific attack has been published on the University's Tech Alert website at You can subscribe to updates based on the topics you are interested in.

For additional guidance, read our Staying Secure While Off Campus article which includes a section on similar social engineering attacks to this!