A weird new form of email scam

OK, we all know that spam we get—sometimes spoofed as if from our own email address!—telling us to click on some link.

Scene 1

The other day I got a new sort of spam. It was from a colleague, the subject line was “Are you available in campus,” and the email went like this:

On Feb 9, 2019, at 11:44 AM, ** <**.columbia.edu@gmail.com> wrote:

Hello are you there?

with a legitimate-looking signature line with this professor’s title.

Seemed a bit brief, but who knows? I responded when I got the email, several hours later, saying that I was not around right then.

I completely forgot about all this until I received the following email today from a completely different colleague, subject line “Are you on campus,” with the following content:

On Feb 13, 2019, at 4:56 PM, ** <**0901@gmail.com> wrote:

Are you free at the moment ?

Again, the message ended with a legitimate-looking signature line.

This seemed odd, so I checked the emails carefully and noticed that they were not the actual emails of these two colleagues.

OK, so it’s some sort of scam. But, as is often the case, I can’t figure out the plan. I’m gonna respond to this email and then . . . what, exactly? I mean, whoever’s doing the scam already has my email, so what do they get out of me responding to some fake address?

I can’t figure this one out.