To penetrate traditional security technologies such as firewalls and anti-virus systems, an attacker needs time, resources and technical skills. As a result, cybercriminals are more frequently turning to social engineering attacks to try to infiltrate CSU systems and scam staff for financial gain.
Increasingly, scammers are targeting CSU staff with email-based attacks that may appear to be from a supervisor, manager, head of school, dean or other senior CSU staff member.
The initial email from the scammer is intended to elicit a response. If successful, the scammer then replies, claiming to be unable to use their phone because they are in a meeting and saying they need your help with something very important. If you reply to the second email, the scammer will then request that you purchase iTunes gift cards and email them photos of the codes on the cards.
We have also seen examples where the scammer sends an email pretending to be a senior person with an urgent request, asking you to change banking details or pay a fake invoice. Often the scam involves building trust through a number of email messages so the requested action won’t arouse suspicion.