“Are you free at the moment? Let me know ASAP.”
This is the kind of email that may get your attention, especially if it’s from someone higher up in your organization. But be on guard – most likely it’s an email scam that’s been making the rounds. The Security Team in Information Systems and Technology (IS&T) has received several reports about it.
Here’s how it works:
You get a short email from someone in your organization, usually a higher-up, saying that they need you to respond ASAP. If you respond, usually they ask you to purchase gift cards or wire money somewhere.
The scammer has just spoofed the email address that it appears to be coming from (often just changing the display name), not compromised any account. Often scammers will target an entire lab or one person’s direct reports. The MIT organization structure is openly available on our websites, which makes it easy for scammers to get contacts.
Here’s an example:
From: Tim Beaver <firstname.lastname@example.org>
I would like to know if you are free at the moment? Let me know ASAP.
So don’t fall for this fake request if you get one. Instead, take a minute to read up on common email scams in the Knowledge Base.