Washington University notified students and staff Wednesday evening of a possible email phishing campaign designed to trick recipients into revealing passwords.
According to the email from Wash U, university employee direct-deposit paychecks were re-directed away from their bank accounts in five different incidents. Those five are aware of the situation, the email stated, and their paychecks were re-issued.
There is an ongoing federal law enforcement investigation and Wash U officials are cooperating with authorities.Phishing isa technique criminals use to try to trick recipients out of information. An email is sent to victims directing them to websites that ask for passwords as verification of some sort. The emailer disguises themselves as something or someone you trust, many times impersonating a bank or other respected entity.
The following is the text of the fraudulent email as reported by Wash U
From: Washington University in St. Louis
Date: September 8, 2013, 4:58:54 AM MDT
To: Subject: URGENT ALERT
To secure our system and all employees details from all forms of cyber attacks following the latest compromise on our database the IT department and the Human Resources have unanimously agreed to upgrade our system to the latest OLTP Microsoft Server. Hence to secure your profile and details you are required to immediately upgrade to this platform.
It takes less than 2 minutes to update your profile. Follow the link below to have your details immediately upgraded:
IT Services & HR Management SystemWashington University in St. Louis