Information Security

Recognizing and Responding to an Email Impersonation Attack

Last modified 8/25/2022

There are many types of social engineering attacks targeting University members. One that is particularly effective is an email impersonation attack.

Read below on how to detect this type of attack and what you can do to protect your account and data.

Recognizing Email Impersonation Attacks

Signs of Email Impersonation Attacks

The following are several warning signs that you may be a target of an email impersonation attack:

  • The email sender has a display name that matches a real person, but the email address does not match the organization's domain (i.e. @ilstu.edu or @illinoisstate.edu).
  • The person impersonated is often in a position of authority or management within the organization (e.g. deans, directors, chairs, AVPs, VPs, etc.).
  • There is a request for personal help doing a work task with a sense of urgency.
  • There is a request to move from email to text message communication, but not phone or video calls.
  • There is a request to buy gift cards and send photos of their activation numbers.

Note: This type of attack is sometimes described as a "boss" or "gift card" scam.

Responding to Email Impersonation Attacks

If you believe that you are a target of an email impersonation attack, you should take immediate action.

Do Not Respond

It is best to not respond in any way.

If you have responded, especially if you provide any information about yourself, discontinue further email and forward the message to abuse@Ilstu.edu. We will assist in the appropriate steps to take from there.

Contact the Individual Outside of the Email

If you have not yet responded, but believe that there is a chance that the email is legitimate, you should contact the individual through other means than the email. A few examples include:

  • Call them at their office phone number. If not listed, contact their department office instead.
  • Visit their office location in person.
  • Contact someone else you know that works with the individual.

The attacker is trying to impersonate a real person. It is very unlikely that they can do so over official organization phone numbers or in person.