'Spear phishing' emails target direct-deposit, HR accounts

· 2 min read

‘Spear phishing’ emails target direct-deposit, HR accounts

UNL employees should be on alert for fraudulent “phishing” emails designed to steal employee credentials to university and banking websites. The emails have targeted university employees across the nation to reveal online login and password or submit the credentials to a fraudulent site.

Do not click on or respond to any message that asks for credentials or personal information. UNL will never ask for individual login, password or other personal information via email.

Also known as “spear phishing,” many emails have become more sophisticated and focused, closely resembling actual email correspondence used by a university or banking institution. Universities are prime targets because of their large populations.

As recently as Oct. 18, two Michigan State University employees’ credentials were stolen via a phishing scam requesting direct-deposit confirmations. Cyber-criminals used the information to modify banking information through the institution’s employee web portal. Weeks earlier, paychecks for five employees from Washington University, St. Louis, were diverted via a phishing attack.

Many phishing emails are blocked at UNL’s email gateways, but some inevitably get through. If you are suspicious of an email, forward it to the Computer Help Center. You can also reference emails that have been reported as frauds at http://its.unl.edu/phishing.

Individuals who have responded to an email, should contact the Computer Help Center to change passwords that may have been accessed. Contact the Computer Help Center at 402-472-3970, 866-472-3970 or mysupport@unl.edu.

October is National Cyber Security Awareness Month. For other information security resources go to http://security.unl.edu/.

Recent News