Phishing Attempts Targeting Direct Deposits
Various universities have reported an increase in the number of attempts to access employee account information by individuals masquerading, in an email or other communication, as representatives of the university’s human resources or employee benefits department. The attackers’ goal is to get recipients to visit a spoofed, or fake, website designed to collect their personal or financial information. The attackers then use the recipients’ information to change the direct deposit information of their victims, causing payroll funds to be directed to the attackers’ accounts.
These messages may be sophisticated, including official university logos and containing links that mimic the URLs of legitimate university portals. Cybercriminals commonly use links that contain minor misspellings of legitimate URLs. Other recent tactics used by attackers include:
- Spoofed, or fake, messages from relevant university offices with subject lines such as “salary increase” or “mailbox quota exceeded.”
- Links to spoofed login screens that are close replicas of legitimate login screens and that may have unusual URLs.
- Spoofed prompts for additional credential information (e.g., PINs or account numbers) for your bank or university account.
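For mail administrators, one way to flag the misspelled and spoofed links described above. This is an added example, not part of the original advisory; the trusted domain university.example, the sample message, and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hypothetical legitimate portal domain; replace with your own.
TRUSTED = ["university.example"]

# Constructed sample message (not a real phishing email).
SAMPLE = """Subject: salary increase
Review your statement: https://hr.university.example/benefits
Confirm your account: http://portal.universlty.example/login
Sign in again: https://university.example.payroll-update.test/sso
Newsletter: https://news.example.org/today
"""

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED, max_dist=2):
    """Return 'trusted', 'embedded', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    tails = {d: ".".join(labels[-(d.count(".") + 1):]) for d in trusted}
    if any(tail == d for d, tail in tails.items()):
        return "trusted"      # the domain itself or one of its subdomains
    if any(f".{d}." in f".{host}." for d in trusted):
        return "embedded"     # trusted name used as a prefix of another domain
    if any(edit_distance(tail, d) <= max_dist for d, tail in tails.items()):
        return "lookalike"    # minor misspelling of the trusted domain
    return "unrelated"

def scan_message(text):
    """Extract http(s) links and classify each link's hostname."""
    results = []
    for url in re.findall(r"https?://[^\s<>\"')]+", text):
        host = urlsplit(url).hostname
        if host:
            results.append((host, classify_host(host)))
    return results

if __name__ == "__main__":
    for host, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} {host}")
```

An "unrelated" verdict only means the hostname does not resemble a trusted domain; it is not a statement that the link is safe. Very short trusted domains will produce false positives at an edit distance of 2, so lower max_dist for them.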
USC business and administrative units will never ask you to divulge personal or financial information via email. If you receive an email purporting to be from Human Resources, Benefits, or Information Technology Services that asks you to provide this type of information, call your local IT or HR representative to inquire about the email. You may also call the ITS Customer Service Center at (213) 740-5555 to report a suspected phishing email.
Never put your USC NetID and password into an email. Instead of clicking links in email, Facebook, or other sources, retype the URL in your web browser. For additional tips about protecting yourself from phishing attacks, visit the ITS Information Security section of the ITS website by typing itservices.usc.edu/security/phishing in your web browser.
For more details, refer to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) advisory at http://www.ren-isac.net/alerts/REN-ISAC_ADVISORY_University_Payroll_Theft_20141112_TLPWHITE.pdf.