Carnegie Mellon University
Security Alert: Email Scam Targets CMU Employees for Potential Payroll Theft
Wednesday, February 25, 2015

On December 4, 2014, the Information Security Office (ISO) published an information notice titled “Scam Alert: Higher Ed is Target of Direct Deposit Thieves”. This notice can be found on the ISO’s home page at www.cmu.edu/iso. The article warned of phishing email attacks targeting schools for the purpose of stealing credentials and using them to alter the victims’ direct deposit information.

On Saturday, February 21, 2015, nearly 200 Carnegie Mellon users received a phishing email that appears to have been designed for this purpose. The email’s subject was “Your Salary Raise Information”. A link in the message led to a well-crafted copy of Carnegie Mellon’s login page. After providing their login information, victims were redirected to campus web sites. Later, the attacker used a subset of the harvested login information to access Workday. Workday is the system used by employees (including work study and some grad students) for payroll, human resources and time tracking information.

While the investigation is ongoing, there is no evidence that any Workday data was modified, and known victim accounts, of which there were relatively few, have been secured. Only data accessible to the individual victims’ accounts was ever at risk.