In at least three separate incidents in 2014, malicious actors sent phishing emails with malicious links to University employees; employees who clicked on the link were taken to fraudulent websites that collected single sign-on credentials, which were used to modify the employee’s direct deposit account information. By changing this information, the malicious actors rerouted the employee’s paycheck to a financial account under the malicious actors’ control.
Employees report that the malicious websites were poor copies of their university’s single sign-on portal and many of the emails were reported to appear as though they originate with the employee’s university. CIS does not have specific indicators related to this trend, at this time.
Please remain vigilant. We have phishing and social engineering training for employees urging them to not open suspicious emails, not to click on links contained in such emails and to never provide usernames and/or passwords to any unsolicited requests.
Credit: The Center for Internet Security