Publications

College and University Employee Payroll Scam

November 15, 2015

College and university employees are a new target of phishing attacks. Employees are receiving fraudulent e-mails alerting them to a change in their human resource status. The e-mail contains a link directing the employee to login to the human resources website to identify the change. But the link actually connects them to a site that spoofs the company's site in an effort to steal their login credentials. Attackers can then take that information, sign into the employee's official human resources account, change their direct deposit information and reroute it to an alternate account.

In these scams, not only can the employee's paycheck be stolen and the money not returned in full, but scammers can also attempt to access an employee's other accounts.

This type of phishing attack has been occurring frequently in colleges and universities but all industries are susceptible to this.

Protect Yourself:

  • Look for e-mails with incorrect grammar, capitalization and tenses
  • Roll your cursor over the links in the e-mail and look for inconsistencies; if it is not the website the e-mail claims to direct you to, is it a fraudulent site
  • Never provide any credentials via e-mail including after clicking on links sent via e-mail
  • Always go directly to an official website rather than via a link e-mailed to you
  • Contact your human resources department immediately if you receive suspicious e-mail
  • share with
Name Title Direct Dial Vcard
Dougherty, Anthony D. Partner, CFE Partner, CFE 212.216.8099 VCard