Email scam nets thieves a month's pay from four Duke employees

rgallagher@newsobserver.comJanuary 7, 2014 

— An Internet scam known as a “phishing attack” let thieves redirect pay for four Duke University employees while a fifth attempt was foiled, campus police reported.

The thieves were able to get the employees’ network information by sending a fake email that looked like it was from the university’s Information Technology department, police said in a community posting Monday.

With the information the workers entered on a bogus website, the thieves were able to change account information for the workers’ direct-deposit payments for December, police said.

A bank alerted the fifth employee about the wrong routing number entered by a thief, and that transaction was stopped.

Police said IT security workers at the school determined that 380 people got an email asking them to “confirm your login details” and directing them to a fake website.

“We want to remind everyone that Duke will never ask for your password or information about your account via email,” said Richard Biever, Duke’s chief information security officer.

Biever said phishing attacks happen frequently and reminded network users that they are the ones best able to foil them.

No university systems were compromised in this incident, Biever said.

Gallagher: 919-829-4572

News & Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service