There continues to be a spear-phishing campaign occurring at UNL regarding requests for wire transfers, and recently organizations affiliated with UNL have been targeted.  These types of organizations may include student/greek organizations, ‘Friends of …’, Parent, Emeriti or Staff Associations.  The situation is an email is created and set to a targeted person, such as a Treasurer, to process a wire transfer.  The email appears to be coming from a trusted sender, such as a President, who might normally ask for a wire transfer.  However, upon further verification through a phone call, it is found that the email is fake, an attempt to illegally get funds, and is a phish email.  


Some of the targets of actual attempts of wire transfer fraud include staff organizations, Business and Finance offices, various academic offices, as well as upper administration.  The thief instigating the emails has done research to target very specific individuals – namely a student organization’s president and treasurer; and an accounting specialist and office manager.  


When you receive an email that is a request of a wire transfer, make sure you follow your established procedures.  If you do not have it in your procedures to verify via a phone call, for the time being, you should follow up with the person requesting the wire transfer through a phone call.  If you find that the email sent is not real, contact the ITS Information Security team.  With a copy of the original email forwarded as an attachment to [log in to unmask] <mailto:[log in to unmask]> , the security team can verify the sender of the email.  Recent attempts have used a technique called spoofing.  Spoofing disguises the actual sender of an email to look like another person’s email account.  For example, an email appears to be from [log in to unmask] <mailto:[log in to unmask]> , but when looking at the Internet email headers, the actual sender was an account from [log in to unmask] <mailto:[log in to unmask]> .  Most users do not look at the email headers, they just look at the information in the FROM field.  If an email uses the spoofing technique, it means the email account in the FROM field was not used to send the email.  This means the email account was NOT hacked.  


Remember, when receiving emails asking for a wire transfer, verify the request by calling the sender.  Do not reply to the email asking for verification; verification needs to be done by picking up the phone and calling the sender.  If you have any questions or concerns, please contact the ITS Information Security team at [log in to unmask] <mailto:[log in to unmask]> , or 402-472-5700.



 Cheryl O



Cheryl O’Dell, CISSP, GCFE

Sr. Information Security Analyst

University of Nebraska-Lincoln

126 501 Building, 68588-0203

(402) 472-7851  

[log in to unmask] <mailto:[log in to unmask]> 


Information Technology Services

Connecting people, ideas and technology for a better University, a better you.