Dear members and all who may receive emails from CSSR,
Members of our executive have recently received several fake emails from “Tania S. Smith” purportedly sent from “firstname.lastname@example.org” and requesting payment of invoices, etc. When the recipient hits “reply,” the email gets sent to an unknown email address.
Please be advised that we do not SEND any individual emails originating from our @cssr-scer.ca email addresses EXCEPT announcements sent from our website mailing list. Our list address is not published online or stated here in order to keep it secure. Our email digests via MailChimp come with the subject line “Posts from … for [date]” and have a blue/teal background when viewed in HTML.
Yes, we do own cssr-scer email addresses, but they are only used for receiving public inquiries from our website TO our current executive committee members. Our website host is set up to forward these email inquiries to the individuals currently serving in those roles. It forwards your message to them at their preferred email address. When you get a reply from them, it will not come from a cssr-scer.ca email address.
Don’t worry, our website and mailing list security and privacy have not been compromised. There is nothing we as the CSSR can do to prevent such scams from occurring. They can happen to any organization that has names and emails published online. All the scammer needs to know is the person’s real name related to a particular email address, and then they need to know the email addresses of some people who may expect to receive emails from that person.
Any public name and email address is vulnerable to forgery of this type. If your name and email are published on your university website, it also can be forged in an email sent to anyone you’re publicly known to be affiliated with.
For more information on this type of email spam, see this page from the University of Chicago advising their own staff about this issue: https://answers.uchicago.edu/page.php?id=28859