19 August 2021

What is spoofing?

Spoofing occurs when a bad actor impersonates someone you trust or know in order to elicit a response from you. For instance, a bad actor may pretend to be your head of department or a colleague you know. Although spoofing can be done in many ways, the most common spoofing attempts at LSE are through email.

These are a few instances where LSE staff and students have received a spoofing email.

1) Here we can see that someone is pretending to be a professor. However, if you look carefully at the sender, it is sent from a non-LSE domain.

2) In the next example, we can also see that the email was sent from a non-LSE domain, but the bad actor has cleverly structured the email by adding a signature to trick people into believing it is a legitimate email.

Please note that spoofing emails will almost always contain words such as 'hurry', 'urgent', 'ASAP', 'help', which are intended to trick recipients into replying quickly without thinking.

Recent spoofing at LSE

A student thought he was responding to an email from a professor from LSE requesting money to buy gift cards. Unfortunately, it was a spoofed account and he paid out £250 in gift cards!

Another example is when a researcher responded to an “I would like to work with you on a research request” from a spoofed professor from Melbourne University. The researcher ended up giving his LSE credentials to a phishing link. The IT team then had to disable his account to prevent further compromise.

What to do when you receive spoofing emails? 

1.     Don’t engage with the sender. Treat every mail with caution.

2.     Always read the sender's name and check the sender's actual email address. Sometimes, the actual email address may be hidden. In these cases, you can follow this guide to view the full message header.

3.     Send the email as an attachment to phishing@lse.ac.uk so that we can check the legitimacy of the email for you.

4.     Block the sender.
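The sender check in step 2 and the urgency-word note above can also be run over a raw message. The Python below is an added example, not LSE's own tooling: the trusted domain is assumed from the phishing@lse.ac.uk address, and the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "lse.ac.uk"  # assumption: taken from phishing@lse.ac.uk on this page
URGENCY_WORDS = ("hurry", "urgent", "asap", "help")  # the words the article lists

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Prof. Jane Example" <jane.example.office@mail.example>
To: student@lse.ac.uk
Subject: Urgent request

Are you available? I need your help with a task ASAP.

Prof. Jane Example
Department of Examples, LSE
"""

def is_trusted(domain):
    """True only for the trusted domain itself or one of its subdomains.
    A plain substring test would accept 'lse.ac.uk.example.com'."""
    domain = domain.lower()
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def review(raw):
    """Return the real sender address and the warning signs the article describes."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    # A missing or malformed address yields an empty domain, treated as external.
    domain = address.rpartition("@")[2] if "@" in address else ""
    # Undecoded text of every non-container part (encoded bodies are not decoded here).
    body = " ".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')} {body}".lower()
    return {
        "display_name": display,   # what the mail client shows
        "address": address,        # the actual email of the sender
        "external_sender": not is_trusted(domain),
        "urgency_words": [w for w in URGENCY_WORDS if re.search(rf"\b{w}\b", text)],
    }

if __name__ == "__main__":
    print(review(SAMPLE))
```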