Are you available?

We’re seeing a large number of attempted Business Email Compromise (BEC) emails where the scammer impersonates a manager or leader to engage the recipient in a conversation thread. There’s no initial request, but once a conversation is started, the scammer will ask the recipient to purchase a number of gift cards (or engage in a financial transaction). Industry reports indicate a high susceptibility rate to this type of scam.

BEC attempt example:

----------------------
Email #1

From RIT LEADER NAME <RITEmailaddress@externalemail>
To: Your name
Subject: Are you available?

NAME,

I’m in a meeting right now and that’s why I’m contacting you through here. I should have called you, but phone is not allowed to be used during the meeting. I don’t know when the meeting will wrap up and I need you to help me out on something very important right away.

RIT LEADER NAME
----------------------

Email #2 (Sent to recipients that respond)

From RIT LEADER NAME <RITEmailaddress@externalemail
To: Your name
Subject: RE: Are you available?

NAME,

I need you to get to any store around and purchase Amazon cards of $100 face value, I need 10 pieces of the Amazon card,That's $100 X 10 = $1000.

Once you purchase the gift cards, Scratch the card to reveal the code at the back of the Amazon gift card. Email me the picture of the Amazon gift cards showing the codes,along with the purchased receipts as a proof for documentation.

I will reimburse you personally later.

RIT LEADER NAME

Phish screenshot: