A couple of recent phishing scams, referred to as a “Business Email Compromise (BEC),” have been targeting universities to steal funds through the purchasing process.
The first phishing scam targets suppliers that do business with campus by using Berkeley emails as the hook. These attacks involve purchase orders and requests for quotes that appear to come from the University, but are in fact fraudulent.
- Monitor your inbox and restrict the use of auto-forwarding and inbox filtering rules so you don’t miss emails.
- Be suspicious if you think you might be missing or not receiving emails, investigate immediately.
The second phishing scam targets Universities in the midst of construction projects. The hackers compromise or spoof emails for known business partners working through the Berkeley purchasing process to reroute payments from the authentic company to themselves.
- Be suspicious of any requests to changes in the payment processes.
Verify all changes in payment and financial information via phone or in person with a known and trusted individual.
We encourage you to be skeptical and if you are unsure whether an email is legitimate, send an email to firstname.lastname@example.org or call 510-664-9000.