New phishing scam redirects pay checks meant for Wash U. employees

Print
Email
|

by KMOV.com Staff

KMOV.com

Posted on October 3, 2013 at 7:30 PM

Updated Thursday, Oct 3 at 7:40 PM

 (KMOV) – News 4 tracked a new high-tech crime trend which could divert a paycheck to someone else’s account.

The St. Louis area has been hit by what’s call a “Spear Phishing Scam” and Washington University has issued a crime alert after some of its employees fell victim to the scam.

“There have been many cases where people have lost their entire businesses, their savings, their checking accounts and it's just gone,” said Scott Granneman, a Wash U. professor.

Five workers at Wash U. fell victim to the fraud and their direct deposit paychecks were re-directed away from their bank accounts and the money was gone.

"If you fall victim to any phishing scheme the likelihood of you getting your money back are next to nothing,” said Professor Granneman.

Professor Granneman teaches technology law and social media at Washington University. A fake email prompted the university to put out an alert to all employees on its website.

When asked how this scam differs from others, Granneman said, “The analogy I like to use, a normal phishing scam is sent out to millions of people, it's like a shot gun blast.  It covers as much range as possible and you hit whoever you can.  Spear phishing is the equivalent of a sniper rifle, precision aiming at only a few people that you want to target."

As far as spear phishing goes, Granneman said this was a pretty good one. It was well researched and on the surface, appears to be from the schools IT department.

Universities are good targets, due to their larger size.

Granneman said workers at any company can be targeted. He said to never clikc on a link in an email, and to not call the phone number listed in the email.

He recommended people calling their payroll department or their bank to see if anyone called requesting the person’s information.

"You should never send out any personal information via e-mail because email is like a postcard, anyone can read it in transit. They are not encrypted. It’s easy for anyone to see the contents as it is zipping through servers all over the internet."

In the case of those five workers who's checks were re-directed.. Washington University re-issued their checks.

News 4 learned of a similar incident last month at the University of Michigan and several other universities across the country have sent out alerts to their staff.

The FBI is currently investigating. 

Print
Email
|