Phishing Attacks Target University Employee Payroll Information

Ballard Spahr LLP

In a recent advisory, the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) warned higher education institutions about sophisticated phishing attacks that target faculty and staff credentials to access payroll information, and in at least one case, insurance policy information. The attackers are closely researching institutions’ systems and practices to spoof e-mails and web portals to trick users into providing credentials to access universities’ and colleges’ payroll information. Universities and colleges should view this warning as an opportunity to improve their anti-phishing training and examine their cybersecurity policies.

The phishing attacks described in the REN-ISAC notice target university faculty and staff whose e-mail addresses can be “scraped,” or harvested, from public campus websites. The victims receive an e-mail purporting to come from the university’s human resources department about a change in salary, with instructions to follow a link to review the details. That link leads to a web page that spoofs the university’s human resources or payroll portal and collects the victim’s login credentials. The attacker then uses the stolen credentials to change the victim’s direct deposit settings and reroute payroll deposits to an account the attacker controls. These attacks appear to be well planned and carefully orchestrated: the e-mails and spoofed pages closely mimic the university’s branding and URLs, and they were often sent during faculty review periods, when a notice about salary changes is plausible.

REN-ISAC suggests universities make several changes to defend against these latest phishing attacks. These prevention techniques include:

  • Requiring two-factor authentication or VPN access for payroll and HR portals
  • Alerting users when direct deposit information has changed, using the contact details on file before the change
  • Redacting sensitive information displayed to the user in online systems, so a stolen credential does not also expose additional personal information
  • Implementing systems to identify suspicious transactions in payroll systems, such as transactions routed to unusual geographic locations or several employees whose deposits point to the same account number
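The last two controls in the list are detection logic, and the following Python shows how an institution might apply them to its own payroll change records. It is an added illustration, not code from REN-ISAC, the firm, or any payroll product; the record schema, the constructed sample records, the two-hour burst window and the single “expected country” are assumptions. It flags a destination account shared by several employees, changes made from outside the expected country, a burst of changes close together in time, and sessions that completed without a second factor, and it renders the change notice to the contact on file before the change rather than to whatever the attacker may have entered.

```python
"""Triage of payroll direct-deposit changes for the REN-ISAC phishing pattern.

Added example, not REN-ISAC's or Ballard Spahr's code. Field names, the sample
records, the burst window and the expected-country policy are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class DepositChange:
    """One direct-deposit update as an HR/payroll portal might log it (assumed schema)."""
    employee: str
    changed_at: datetime
    routing: str          # destination bank routing number
    account: str          # destination account number
    src_country: str      # geolocation of the session IP that made the change
    mfa_used: bool        # whether the session completed a second factor


# Constructed sample records: three staff deposits redirected to one account from
# abroad within an hour (the attack pattern), plus two benign self-service changes.
EVENTS = [
    DepositChange("alice", datetime(2023, 4, 3, 9, 12), "021000021", "99887766", "US", True),
    DepositChange("bob",   datetime(2023, 4, 3, 22, 41), "123456780", "55001122", "NG", False),
    DepositChange("carol", datetime(2023, 4, 3, 22, 55), "123456780", "55001122", "NG", False),
    DepositChange("dave",  datetime(2023, 4, 3, 23, 30), "123456780", "55001122", "RO", False),
    DepositChange("erin",  datetime(2023, 4, 5, 14, 2),  "011000015", "12345678", "US", True),
]

EXPECTED_COUNTRIES = frozenset({"US"})   # assumed institutional policy


def duplicate_accounts(events):
    """Destination accounts set by more than one employee -> sorted list of those employees.
    Distinct people normally never share a payroll account, so this is a strong signal."""
    owners = defaultdict(set)
    for e in events:
        owners[(e.routing, e.account)].add(e.employee)
    return {acct: sorted(emps) for acct, emps in owners.items() if len(emps) > 1}


def unusual_geo(events, expected=EXPECTED_COUNTRIES):
    """Changes made from a session geolocated outside the expected countries."""
    return [e for e in events if e.src_country not in expected]


def change_bursts(events, window=timedelta(hours=2), min_employees=3):
    """Sliding window over time-ordered events: report each start time from which at least
    `min_employees` distinct employees changed their deposit details within `window`.
    A campaign hits many victims at once; legitimate changes trickle in."""
    ordered = sorted(events, key=lambda e: e.changed_at)
    bursts = []
    for i, start in enumerate(ordered):
        group = [e for e in ordered[i:] if e.changed_at - start.changed_at <= window]
        emps = {e.employee for e in group}
        if len(emps) >= min_employees:
            bursts.append((start.changed_at, sorted(emps)))
    return bursts


def triage(events):
    """Map each employee with at least one suspicious indicator to the list of reasons."""
    reasons = defaultdict(list)
    dups = duplicate_accounts(events)
    for e in events:
        key = (e.routing, e.account)
        if key in dups:
            others = ", ".join(x for x in dups[key] if x != e.employee)
            reasons[e.employee].append(f"destination account shared with {others}")
        if e.src_country not in EXPECTED_COUNTRIES:
            reasons[e.employee].append(f"changed from unexpected country {e.src_country}")
        if not e.mfa_used:
            reasons[e.employee].append("session completed without a second factor")
    for _, emps in change_bursts(events):
        for emp in emps:
            reasons[emp].append("part of a burst of deposit changes")
    return dict(reasons)


def hold_payout(events):
    """Employees whose next payroll run should be held until confirmed out of band."""
    return sorted(triage(events))


def notification_message(e, prior_contact):
    """Notice sent to the contact details on file *before* the change, so an attacker who
    also edited the e-mail address does not receive it; only the account tail is shown."""
    return (f"To {prior_contact}: direct deposit for {e.employee} was changed on "
            f"{e.changed_at:%Y-%m-%d %H:%M} to an account ending in {e.account[-4:]}. "
            "If you did not make this change, contact payroll immediately.")


if __name__ == "__main__":
    for emp, why in triage(EVENTS).items():
        print(emp, "->", "; ".join(why))
    print("hold:", hold_payout(EVENTS))
    print(notification_message(EVENTS[1], "bob@campus.example (address on file before change)"))
```

On the constructed records, alice and erin produce no indicators, while bob, carol and dave are flagged on every rule and end up on the hold list; a real deployment would feed these records from the portal’s audit log and tune the burst window to the institution’s normal change volume.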

Phishing attacks remain some of the most common cybersecurity threats. While these specific attacks targeted payroll information, user credentials obtained through phishing attacks can be used to compromise other parts of an institution’s network, which may contain sensitive personal information, intellectual property, or other confidential data. Educational institutions can protect themselves, their employees, and data by regularly reviewing their information security policies and practices. These practices should include training faculty and staff on information security, including how to identify phishing attacks. Additionally, institutions should take advantage of cybersecurity information-sharing organizations to receive information on the latest cyberthreats.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising
