Campus Targeted by Email Wire Fraud

Submitted by stauffeg on

The Office of Information Technology is aware of a fraudulent email scheme, referred to as wire fraud, which has recently targeted a number of CU Boulder departments. These kinds of targeted attacks are being perpetrated with increasing frequency, creativity and intensity.

Wire fraud is a form of identity theft in which a cyber-attack targets individuals, often with financial responsibilities, through a fraudulent email requesting a wire transfer. For example, the attacker spoofs the email address of someone who is in a position of power so that the email appears to come from a campus executive. This type of attack often targets someone based on their ability to generate wire transfers and requests an urgent funds transfer.


Following is an example of an emailed wire fraud attempt that recently targeted someone on our campus:

Subject: Re: Fund Transfer

[addressee's name redacted],

Kindly arrange to transfer $9,500 to the account below;

Bank Name : Commerzbank AG
Bank Address : Martener Str. 369, 44379 Dortmund, Germany
Name on Acc : [name redacted]
Account number : [number redacted]
Sort Code : 20040000
Swift code :COBADEFFXXX
IBAN : [code redacted]
Beneficiary Address : Brennaborstraße 19, 44149 Dortmund, Germany

Reason for transfer: Research costs

[name redacted] is a Senior Research Assistant based in Germany. Let me know when it is sent. I will send supporting documents before the week runs out.

Regards, [sender's name redacted]


Here are some tips to protect against wire fraud:

  • Have an internal callback system where any emailed wire requests require a call back to the email sender.
  • Verify wire requests via email with a new email to the sender (not a reply to the original), and include another individual in case the email account has been compromised.
  • Create internal policies surrounding wire transfers. For example, so they can only be verbally requested within the company, using advanced controls for urgent wire situations. Do not bypass policies or procedures for generating wires based on urgency or seniority of the requestor (i.e. executive management).
  • Be aware of email-generated wires, and check the sender's email address for minor alterations, to verify the identity of the sender (john.doe@company.com as opposed to John.Doe@company.co).
  • Check emails for poor spelling or grammar, and any language not typically used by the sender.

If you responded to a message that resembles the wire fraud example above, you should contact the IT Service Center immediately at 303-735-4357 (5-HELP from a campus phone). If you ever have questions about the legitimacy of a message, please contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone). Find IT Service Center hours and location information.