Phishing Attack Steals Salary of Four Employees of Duke University

Newsobserver.com published news on 7th January, 2014 quoting a report of campus police stating that an Internet scandal termed as "phishing attack" allows thieves to redirect pay of four employees of Duke University, North Carolina, US.

Police said that the criminals were able to acquire network information of employees by sending a bogus email which looked as if it was from the Information Technology (IT) Department of the University.

Police said that the crooks were able to modify account details for the workers' direct deposit payments for December, 2013 with the information workers entered on a bogus website.

A bank cautioned the fifth worker about the incorrect routing number entered by a crook and stopped that transaction.

Police claimed that 380 IT security personnel at the University got an email instructing them to confirm their login details and then directed them to a bogus website.

Duke.edu published news on 6th January, 2014 quoting Richard Biever, Chief Information Security Officer of Duke University, as saying that we want to remind everybody that Duke shall never ask them their password or details about their account through email. While none of Duke's information security systems have been compromised through this incident, this situation is an important reminder that our end users are the front line for security."

Duke officials are working directly with the impacted individuals and external agencies to investigate the situation further.

Anyone who believes that they have supplied information on a website after clicking on links in a suspicious email message, should please contact their local IT support or Duke's IT security offices immediately.

Biever said that Duke also launched additional security measures last fall through a two-step verification service which is available to all users of Duke.

Meanwhile, staffers at Boston University recently were too hit by an Internet scam just like employees of Duke University. Cybercriminals allegedly embezzled monthly paychecks from ten employees of Boston University last month by somehow acquiring the workers' user IDs and passwords and altering their direct deposit data and it is believed that private log-in information of BU employees was stolen through phishing.

» SPAMfighter News - 1/15/2014