A number of universities across the country have recently fallen victim to fraudulent activity in which some of their employees' direct-deposit bank accounts were changed in order to direct their paychecks to another bank account. Often, these changes are made possible because a scammer obtained an employee’s login credentials through phishing.
Within the last month Emory University and Emory Healthcare officials have become aware of this fraud affecting a small number of Emory employees. The affected employees are aware of the situation, and checks were reissued to them.
Protecting yourself
1. Learn to recognize phishing.
- Phishing is when a criminal attempts to trick you into giving up sensitive personal information, such as your username and password.
- Be suspicious of unsolicited emails asking you for your login credentials, or those that tell you that you must take some immediate action to log in and fix a problem.
- Do not click on links in emails that ask you to provide login information. Instead, go directly to the site via the address that you already know. Phishers will provide you with a link that they control, and once you’ve logged in they have your credentials. They may even go as far as exactly duplicating the login screen that you would expect to see.
- Always check your web browser’s address bar before logging in. Make sure that the address matches the one you’re expecting to log in to.
2. Understand what’s at risk.
- Your sensitive personal information.
- Sensitive Emory data.
3. Report any fraudulent changes to your account.
- If your direct deposit information has been changed without your initiation, please contact the Emory University or Emory Healthcare payroll departments immediately.