connect. communicate. collaborate.
  • Home
  • Recent rise in scammers attempting to reroute employee paychecks

Recent rise in scammers attempting to reroute employee paychecks

In recent weeks, the KU Information Technology Security Office (ITSO) has seen an increase in email attacks with impersonators trying to reroute employee paychecks. Other attacks try to convince recipients to bypass normal purchasing or financial processes. These malicious emails may appear to come from a person in authority and often target human resource and finance departments. The ITSO team reminds you to be vigilant in protecting yourself and the KU community from these and other phishing attempts.

If you receive an email directing you to take action outside an established HR or finance process, do not respond and forward the email to abuse@ku.edu. Additionally, in the case of these messages, it is advised you verify their legitimacy by conferring with your supervisor or contacting Human Resource Management (785-864-4946 | hrdept@ku.edu) or the Finance department (785.864.4904 | adminfin@ku.edu). If you have responded to a message you believe may be malicious, contact ITSO immediately at 785-864-8080 or itsec@ku.edu.

As always, please remember that you may review your direct deposit elections in HR/Pay under Payroll and Compensation. If you have questions about your direct deposit, please contact payroll@ku.edu.

Please note the following red flags: 

  • The sender’s email address does not match the “from” line header information.
  • The email address domain is anything other than “@ku.edu.”
  • The subject line includes language such as “Direct Deposit Update!” or “Payroll Direct Deposit.”
  • Poorly crafted emails with spelling and grammar mistakes.
  • Incorrect or abbreviated signature line for the supposed sender.
  • The use of full names instead of nicknames and a language structure that may not match how the supposed sender normally communicates.
  • Indications that the only way to contact the sender is through email. In some cases, the emails appear to be timed to correspond with times the employee is out of the office.
  • The transactions are for a new vendor or new contract.
  • Internal warning banners that indicate the email is spam, spoofed or from an external source.

You and your colleagues are the best defense against malicious attacks through awareness and vigilance. Trust your suspicions when you receive messages that, for whatever reason, don’t seem quite right. We would rather get 100 genuine messages reported to abuse@ku.edu, than have one bad message get through and harm you, your colleagues or the University.


KU IT on Twitter  KU IT on Facebook  KU IT on Instagram

Technology Help

Call KU IT Customer Support

785-864-8080
Phone support

Email KU IT Customer Support

itcsc@ku.edu
Support via Email

Faculty/Staff Support

Faculty/Staff Support
Technology Support Centers

KU IT Knowledge Base

Knowledge Base
FAQs & More

Submit Help Ticket

Submit Help Ticket
Online Help

Call KU IT Customer Support

913-626-9619
Phone support

Email KU IT Customer Support

kuec_support@ku.edu
Support via Email

KU IT Knowledge Base

Knowledge Base
FAQs & More

Request Edwards IT Support

Request Edwards IT Support
Online Help

Comments or ideas on how we can serve you better? Send us your feedback!

KU Today