“The more laws and order are made prominent, the more thieves and robbers there will be.” – Lao Tzu

Emory University is currently under the attack of a very sophisticated email phishing scam that attempts to use an employee’s secure ID and password to route their direct deposit to an off-shore bank account. The emails look very authentic, some posing as a Fidelity announcement that your direct deposit has been stopped.

Dana Haggas (Enterprise Applications) made an announcement at the November 21 IT Briefing that her team is acutely aware of this issue. This scam has been hitting universities around the US and now Emory is a target. Nancy Seideman (Emory Associate VP and Executive Director of Media Relations) sent out a security alert to all employees on December 5 entitled: “Security Alert: Direct Deposit Fraud” which contains several preventative guidelines:

• Be suspicious of unsolicited emails asking you for your login credentials, or those that tell you that you must take some immediate action to log in and fix a problem.
• Do not click on links in emails that ask you to provide login information. Instead, go directly to the site via the address that you already know. Phishers will provide you with a link that they control, and once you’ve logged in they have your credentials. They may even go as far as exactly duplicating the login screen that you would expect to see.
• Always check your web browser’s address bar before logging in. Make sure that the address matches the one you’re expecting to log in to.

Phishing emails should be directed to abuse [at] emory [dot] edu. If your direct deposit information has been changed without your initiation, please contact the Emory University or Emory Healthcare payroll departments immediately.