University Direct Deposit Account Credentials Targeted by Phishing Emails
In at least three separate incidents in 2014, malicious actors sent phishing emails with malicious links to University employees; employees who clicked on the link were taken to fraudulent websites that collected single sign-on credentials, which were used to modify the employee's direct deposit account information. By changing this information, the malicious actors rerouted the employee's paycheck to a financial account under the malicious actors' control.
Employees report that the malicious websites were poor copies of their university's single sign-on portal and that many of the emails appeared to originate from the employee's own university. CIS does not have specific indicators related to this trend at this time.
We recommend the following actions be taken:
- Organizations should provide phishing and social engineering training to employees, urging them not to open suspicious emails, not to click on links contained in such emails, and never to provide usernames and/or passwords in response to unsolicited requests.
- Organizations should provide email notifications to employees when their financial information has been changed.