College and university employees are a new target of phishing attacks. Employees are receiving fraudulent e-mails alerting them to a change in their human resource status. The e-mail contains a link directing the employee to login to the human resources website to identify the change. But the link actually connects them to a site that spoofs the company's site in an effort to steal their login credentials. Attackers can then take that information, sign into the employee's official human resources account, change their direct deposit information and reroute it to an alternate account.
In these scams, not only can the employee's paycheck be stolen and the money not returned in full, but scammers can also attempt to access an employee's other accounts.
This type of phishing attack has been occurring frequently in colleges and universities but all industries are susceptible to this.
|Dougherty, Anthony D. Partner, Head of Corporate Investigations Practice||Partner, Head of Corporate Investigations Practice||212.216.8099|