Please be cautious :-)



Begin forwarded message:

From: christian.tschudin@unibas.ch
Subject: [sira-news] Beware of a Social Engineering Scam, targeted for Research Groups
Date: 11 November 2024 at 08:32:37 CET
To: sira-news@list.inf.unibe.ch

Dear all,

last week our Department was subject to a sophisticated social engineering attack that successfully managed to hoax three employees. It resulted in the damage of several thousand CHF. Please warn your collaborators.

It starts with a semi-aggressively looking email with the subject "Urgent Action Required" sent on behalf of a PI, addressed to the first name of a collaborator:

Dear X
I'm contacting you to handle a short assignment right now. I would
welcome your support and urgency.
I hope you can help and look forward to your response.
Best Regards
Dr. Y
Head & Professor, Z Group, Department of Mathematics and Computer Science
P.S: Send me your WhatsApp phone number

The scam exploits the power relationship between PhDs/PostDocs and their supervisor. The scammer carefully extracted all names and photos from our Web site, probably weeks ago, in order to create the following attack vector:

The collaborator, after sending back the phone number via email, will receive a contact request in WhatsApp where the photo of the PI is shown. In a clever dialogue, the collaborator is steered towards buying physical Apple Gift Cards whose validity is verified online, all while using WhatsApp. It goes without saying that the cards are redeemed immediately. Requests for talking on the phone are dismissed ("I'm busy and in a meeting right now").

Unfortunately, most email clients, as well as WhatsApp, hide the true sender addresses and you only see the sender's Display Name. The email sender was <mimiadacharles@mail.com> and the phone number used behind WhatsApp is a German one.

Three grad students and Postdocs fell for the attack and, although hesitant, did not cross-verify because it would seem impolite to ask the supervisor "are you really X?"; it would also introduce delay into the urgent request handling.

Thanks, Christian Tschudin
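
The display-name problem described in the forwarded message can be checked mechanically, for instance in a mail filter or a mailbox audit. The following is an added example, not part of the original e-mail: it flags messages whose From display name matches a staff name while the address behind it lies outside the institution's domain. The domain `example.edu`, the staff names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed, not from the original message): the institution's
# mail domain and the staff names published on its website.
INSTITUTION_DOMAINS = {"example.edu"}
STAFF_NAMES = {"Example Person", "Other Supervisor"}
TITLE_RE = re.compile(r"^(prof\.?|dr\.?|professor)\s+", re.I)
LURE_RE = re.compile(r"whatsapp|phone number|gift card", re.I)

def normalize(name):
    """Strip leading academic titles, collapse whitespace, ignore case."""
    name = " ".join(name.split())
    while TITLE_RE.match(name):
        name = TITLE_RE.sub("", name, count=1)
    return name.casefold()

KNOWN = {normalize(n) for n in STAFF_NAMES}

def check_message(raw):
    """Return findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Core check: a staff member's name shown, but an outside address behind it.
    if display and normalize(display) in KNOWN and domain not in INSTITUTION_DOMAINS:
        findings.append(f"display name {display!r} is staff, address is {addr}")
        body = msg.get_payload() if not msg.is_multipart() else ""
        if LURE_RE.search(body):
            findings.append("body tries to move the conversation off e-mail")
    return findings

# Constructed sample messages, modelled on the wording quoted above.
SPOOFED = """From: "Dr. Example Person" <someone@freemail.example>
To: x@example.edu
Subject: Urgent Action Required

I'm contacting you to handle a short assignment right now.
P.S: Send me your WhatsApp phone number
"""
GENUINE = SPOOFED.replace("someone@freemail.example", "example.person@example.edu")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_message(raw))
```

The domain comparison is an exact match, so any subdomains the institution sends from have to be listed in `INSTITUTION_DOMAINS` as well.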