Phishing Impersonation Attacks

The phishing "impersonation" problem is something that is very hard to deal with from a technical perspective:

  • There are LOTS of people to impersonate (virtually any supervisor is a target)
  • Impersonation can take many forms, e.g.,
    • just a name in the body of the message
    • a personal name associated with the sender
    • an external address that looks like it belongs to the person being impersonated
  • It's up to the recipient to apply a "smell" test:
    • Does the real sender match the impersonated sender?
    • Does the message come from the impersonated sender's UNI email address?
    • Does the content and what's shared from where make sense?
    • Remain skeptical about the authenticity of the message
  • Perhaps even contact the impersonated sender, not by replying to the questionable message but by reaching out via direct email, a phone call, or a face-to-face question.

If the message seems at all odd, it almost certainly is a phishing attempt.  Better to think a real message is phishing than vice versa! You will be forgiven (or certainly should be!).

  • ITTC 36
  • (319) 273-5555
  • Service Hub