Screenshot of malicious email:
On July 26th, 2021, the piano giveaway scam that has recently been targeting the DePaul University community saw another resurgence.
The scam campaign was sent through a compromised DePaul University email account, which was abused by the malicious actor in an attempt to lend false credibility to their impersonation attempt.
The malicious email encourages recipients to email an external non-DePaul email address to express interest in the "piano". Once the victim emails the external email address, the malicious actor will request personal and/or sensitive information from the victim, and carry out the next steps in the scam.
Some indicators that this email is malicious:
- Numerous spelling and grammatical errors
- Replies are directed to a non-DePaul email address
- Replies are solicited to come from the victim's private email address (which helps the malicious actor avoid detection)
- Promises of extreme monetary gains (i.e. an expensive grand piano)