DURHAM — An Internet scam known as a phishing attack let thieves redirect pay for four Duke University employees while a fifth attempt was foiled, campus police reported.
The thieves were able to get the employees network information by sending a fake email that looked like it was from the universitys Information Technology department, police said in a community posting Monday.
With the information the workers entered on a bogus website, the thieves were able to change account information for the workers direct-deposit payments for December, police said.
A bank alerted the fifth employee about the wrong routing number entered by a thief, and that transaction was stopped.
Police said IT security workers at the school determined that 380 people got an email asking them to confirm your login details and directing them to a fake website.
We want to remind everyone that Duke will never ask for your password or information about your account via email, said Richard Biever, Dukes chief information security officer.
Biever said phishing attacks happen frequently and reminded network users that they are the ones best able to foil them.
No university systems were compromised in this incident, Biever said.