Skip to main content

Highly sophisticated email fraud is leveraging Cornell names and relationships

An increasing number of individuals at Cornell have received an email that appeared to be from a well-known colleague. Requests for funds up to $9K have nearly been approved--be vigilant.

One such email looked something like this:

Hi <Person's name>,

Can you process an international wire transfer today? Let me know.


<The name of a well-known colleague>

There were no red flags. The from address appeared correct--it showed it had been spoofed. The email didn't have any suspicious links, and it leveraged an established/expected work relationship for a common request.

The recipient replied with a few details, to which the following response was received:

Thank you, <Person's name>

Reason for transfer: Research costs

Dr. <Actual faculty name> is a Senior Research Assistant based in the UK. Let me know when it is sent. I will send supporting documents before the week runs out.

Kindly arrange to transfer $9,000 to the account below.

Bank Name : <Real bank name>
Bank Address : <Real address>
Account number : <Real account>


<The name of the well-known colleague>

STILL, there were no red flags. Everything about the exchange was par for the course with previous communications and requests between the coworkers. Fortunately, the recipient realized it was a scam by asking about the transfer in person BEFORE sending the money.

What we can learn from this:

  • FROM ADDRESSES ARE EASY TO SPOOF. Spoofing is when the "from" address is forged by the sender to make an email appear to be from someone else, usually someone you know.

  • ANYONE, INCLUDING YOU, CAN BE TARGETED. These kinds of scams, called spear phishing because they are so highly targeted, are increasingly common at Cornell.

  • IT'S EASY FOR SCAMMERS TO LEARN YOUR COLLEAGUES' NAMES AND RESPONSIBILITIES. Information about what we do is available online to the public, including job names and descriptions. 

  • EMAIL IS NOT ENOUGH. Build processes into your work to verify requests in more than one way. Even if you think you know the person, call and confirm, walk over to ask, or hold a quick video chat.

This message has been posted in the IT@Cornell Security Alerts, and it will appear in the IT News Bulletin on December 18. Please pass it along to people in your department who you believe could benefit.

Thank you for your help keeping Cornell's data safe.

IT Security Office

Was this page helpful?

Your feedback helps improve the site.