We have been receiving a large number of attacks via email masking/spoofing techniques, whereby you will receive an email that appears to come from our President Bart Morlion. Sometimes you will see that the email address is incorrect, though sometimes it appears to be the correct email address too.
The attackers start by asking if you are free to talk, then if you respond they follow up by asking that you help EFIC pay an urgent invoice for one of our projects. They may even refer to a project (like a Pain School or endorsed meeting) that sounds plausible. They refer to the Executive Office being unavailable to make a transfer, and ask you to step in until EFIC can repay you.
Typically the figure is 3-5k euros.
We ask you to stay vigilant. The attackers originally targeted only Board members but now seem to be approaching others. They study the information we make publicly available to make the attacks seem like legitimate requests. We will review what information/contact details we place online, though many of you have email addresses publicly available through your universities.
Our understanding is that this is not a ‘hack’ as such. There is no access to our files/emails from these people, though we will look into this further. The method of spoofing email addresses is not difficult to do, and adjusting email settings to block such spoof emails is very difficult to do without blocking a lot of legitimate emails at the same time.
Key messages to you:
- Do not transfer any money for an EFIC project you are unfamiliar with – especially when based on an email request
- Always ask our office for advice if you have any questions when you see something like this
- Try to avoid replying when you get a suspicious email from Bart or Elon that says something like ‘Dear X, Are you free to talk, Thanks. Bart’ – see example attached