University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.
Consequences of this Scam:
If you have been a victim of this scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. Please reference this PSA number in your complaint.
The IC3 produced a PSA in May 2014 titled “Cyber-related Scams Targeting Universities, Employees, and Students,” which mentioned this scam. The PSA can be viewed at http://www.ic3.gov/media/2014/140505.aspx.
Tips on how to Protect Yourself from this Scam
More on Avoiding Social Engineering and Phishing Attacks from the US-Cert.
Archived News >