Recent Security Events

What should you be aware of?

In an effort to keep Kent State University a #CyberAware campus, the office of Security and Access Management will keep you up to date with the most recent scams to help prevent you from becoming a victim.

Gift card purchase scam

Be advised, we have received reports of an email scam targeting Kent State employees that impersonates supervisors and other trusted members of the University to request the purchase of gift cards.

If your department currently makes gift card or other purchases in this manner, you have a heightened risk of falling victim to this type of scam. Please avoid requesting these items or any monetary transactions via email. These requests should be done in a way that university employees can verify the legitimacy of the inquiry. If you do receive a request of this type, please verify with the sender of the email that the inquiry is legitimate through other trusted avenues (e.g. by verifying the request in-person/via phone call/via text etc.).

Becoming aware of common red flags will help you identify and report this threat:

  • The email will appear to come from the targeted employee’s supervisor/trusted source.
    • The attacker will change their “Send Mail As” address to appear as if it came from the supervisor/trusted source.
    • Please view the following for analyzing the “Send Mail As” address within the web browser version of Outlook and the Outlook client (notice that the email address does not match the sender’s name):

Web browser version of Outlook:

Outlook client:

  • The attacker will state that they are in a meeting or are otherwise unavailable and ask if the target is available for a favor/errand.
  • Once the target has responded to the initial email, the attacker will ask the staff member to purchase the gift cards and they will reimburse them once the supervisor/trusted source returns to the office.
  • There will be a sense of urgency (e.g. This is very important/get this done as soon as possible).
  • The email may include a copy of the supervisor’s email signature.

For additional information regarding this scam or if you have fallen victim, please read this article written by the Federal Trade Commission. If you do receive a request such as this via email, please report it immediately to our office by following these steps.