New phishing tactic embeds phony support info within authentic user account alerts

Please be aware of a new phishing scam tactic that may make its way into inboxes, and follow the advice below.

If you receive any unexpected account or invoice alerts, verify official, published contact info from the company’s own site.

A good cyber-safe habit is to verify an email’s sender and links. However, the new scam uses account auto-alert emails triggered normally by a purchase, address change, and other common account actions. The sender, links, branding, header and footer are all legitimate. However, scam content has been piped into this legitimate wrapper through blind-carbon-copying the intended target.

screen shot of an account alert email showing a "change address" notice with scam "support line" in place of address.

See our article roundup on phishing scams for other phishing tactics, and contact the Information Systems Security Team at infosec@wfu.edu to report cyber threats, scams or phish. For urgent support needs, please contact the Information Systems Service Desk at 758-HELP (4357), live chat with our team by visiting is.wfu.edu/help, or email us at help@wfu.edu.

Information Systems

Where to start

Get to know WFU

Resources

Support Wake Forest

Wake Forest Giving Societies