Executive Impersonation, Smishing & Gift Card Scams

Learn how to recognize executive impersonation scams targeting NCU staff — including fake text messages from "leadership," urgent gift card requests, and AI-enhanced personas that are increasingly difficult to detect.

How these scams work

Executive impersonation scams work by combining two things that are hard to resist: authority and urgency. A scammer impersonates a dean, cabinet member, or your direct supervisor — then creates a situation where you feel pressure to act quickly without going through normal channels.

Most arrive by text message (smishing) because it feels personal and immediate, and because personal cell numbers aren't protected by university email filters. The message typically opens with something low-stakes — "Are you available?" or "I need a quick favor" — before the real ask appears.

The "favor" is almost always one of two things: purchasing gift cards and sharing the redemption codes, or transferring a file or taking an action that bypasses a normal approval process.

AI has made these scams dramatically more dangerous

These attacks used to be relatively easy to spot. AI has changed that across every dimension:

  • AI researches you before making contact. Attackers use AI tools to scrape LinkedIn, university directories, department websites, and public social profiles — building a profile of your role, your supervisor's name, your team structure, and how your department communicates. The message arrives already knowing things about you that feel impossible for a stranger to know.
  • AI builds a convincing persona in real time. The "executive" in the conversation isn't a static script — it's an AI-assisted interaction that can answer follow-up questions, adjust its tone, and respond naturally to pushback. The more you engage trying to verify, the more convincing it becomes.
  • AI writes with perfect tone and no errors. The old tell — broken English, awkward phrasing, obvious typos — is gone. AI generates polished, professional messages that match the communication style of whoever it's impersonating.
  • Deepfake audio is now a follow-up tool. After a convincing text exchange, some attackers follow up with a voicemail or short voice clip that sounds like the executive — generated from publicly available audio. If someone "calls you back" to confirm the request, that alone is no longer sufficient verification.

The result: these scams are more personalized, more responsive, and harder to dismiss than anything that came before. The safeguard isn't trying to out-think the persona — it's refusing to act on any financial or data request that arrived through an unofficial channel, regardless of how convincing it seems.

Red flags to watch for

Red flags in the message

  • Arrives by text, not university email
  • Opens with "Are you available?" or "Can I ask a favor?"
  • Claims to be "in a meeting" or "traveling" — unavailable to talk
  • Asks you to keep the request confidential
  • Requests gift cards, wire transfers, or Zelle
  • Sends from a Gmail, Outlook, or unfamiliar number
  • Asks you to act before you can verify

Red flags in the situation

  • The request bypasses normal approval processes
  • The "leader" is conveniently unreachable to confirm
  • There's a time pressure — "I need this in the next hour"
  • The ask involves money, gift cards, or sensitive data
  • It would be embarrassing or seem disrespectful to question it
  • You've never received this type of request before
What these messages look like

These are representative examples based on scams reported at NCU and peer institutions. The details change — the pattern doesn't.

Smishing example — gift card ask

"Hi, this is [Dean's name]. I'm in back-to-back meetings and can't talk. I need you to pick up 4 Apple gift cards — $100 each — for a donor recognition gift. I'll reimburse you today. Can you handle this? Please keep it between us for now."

Why it works: Name-drops a real person, creates urgency, offers reimbursement to make it feel legitimate, and asks for secrecy to prevent verification.

Email example — file transfer ask

"I'm traveling and don't have access to the portal. Can you send me the current payroll summary for the department? I need it before my 2pm call. Don't worry about going through the normal request — I'll sort it with HR when I'm back."

Why it works: Traveling creates a plausible reason to bypass normal channels. "I'll sort it later" removes the perceived need to follow procedure.

AI has made the "wrong number" test unreliable

Scammers used to give themselves away by not knowing the name of your actual supervisor or department. AI-assisted attacks research NCU's org chart, staff directories, and public social profiles before contacting you — so the name, title, and context may all check out. The phone number or email address is often the only thing that's wrong.

NCU hard rules

These are not guidelines — they are absolute. No legitimate NCU business ever works this way.

If any of these apply, it is a scam — full stop

  • NCU leadership never requests gift card purchases by text, email, or any message. Gift cards are not a payment method for any university business — ever.
  • No supervisor or executive will ask you to bypass an approval process because they are traveling or unavailable. University procedures exist precisely for situations where decision-makers are unavailable.
  • No legitimate request will ask you to keep it confidential from your own team. Secrecy is a manipulation tactic, not a business requirement.
  • Reimbursement promises do not make a request legitimate. Scammers always promise to pay you back — they never do.
  • A real emergency does not remove the need to verify. If it's genuinely urgent, a real supervisor will make time for a phone call. Call them on a number you look up — not one from the message.
What to do

I received a suspicious message

  1. Do not reply, do not click any links.
  2. Verify by calling the named person directly — look up their number from the NCU website or your contacts, not the message.
  3. Forward the message to IT: incident@northcentral.edu

Full reporting steps: Reporting a Phishing Scam or Suspicious Email

I already sent gift cards or money

Act immediately — speed matters:

  1. Call IT now: 612.343.4170
  2. Contact your bank or the gift card issuer immediately — funds may be recoverable if reported fast enough.
  3. File a report with local police if money was transferred.
  4. Email: incident@northcentral.edu

Full recovery steps: Help! I Have Been Phished!

Print Article

Related Articles (1)

What to Do if Your Account is Compromised
If you believe someone has unauthorized access to your NCU account, every minute counts. Learn the immediate steps to stop the damage, secure your account, and report the incident to IT.

Related Services / Offerings (1)

Report Information Security Incidents
If you suspect a potential security issue involving any private information—whether the information is on a computer, on paper, on the web, etc.—immediately report the details to IT.