Earlier this week the Internet Crime Complaint Center (IC3) and FBI sent out a report regarding a phishing scam targeting university employees. Users are receiving e-mails about a change in their human resource status and are sent to a link to website to address this change. The link sends the victims to a page that looks similar to their human resources page, where they are prompted to enter their log-on credentials. If the employee enters their credentials, the scammer then has their account information, which can lead to numerous consequences. The scammer can change their direct deposit information, causing the employee to not receive their check, retrieve other private information, and use the victim’s credentials to try to access other accounts.
To protect yourself from the scam, the IC3 (ic3.gov) encourages you to:
- Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
- Roll your cursor over the links received via e-mail and look for inconsistencies. If it is not the website the e-mail claims to be directing you to then the link is to a fraudulent site.
- Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to an official website rather than from a link sent to you via e-mail.
- Contact your personnel department if you receive suspicious e-mail.
For a full report, please visit the IC3 public service announcement page.
For more information on phishing scams and social engineering, view this US Computer Emergency Readiness Team tip page.
If you come across any suspicious e-mail of this sort, please report the issue to the ITS Help Desk at (773) 508-4487 or firstname.lastname@example.org.