Please share this with your staff and faculty
The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Reference: http://www.ic3.gov/media/2015/150113-2.aspx
Quoted from the article:
University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.
UBC employees cannot update banking info in Self-Service, and only the last 4 digits of your bank account number appears on the Direct Deposit page. However, your Self-Service records contain personal information that could aid in identity theft.
In order to change personal direct-deposit information, UBC employees must complete paper forms and attach updated backing information, which is then submitted to Payroll. UBC Payroll is ensuring their staff are aware of this phishing scam.
Important Security Steps
If you think you may have submitted your UBC CWL or login account credentials to an illegitimate site, go to myAccount to change your password immediately. Also, please forward a copy of the email including full headers to email@example.com and advise of the possible breach of your account.