CONTACT US AT:
Information Security Office
Clear Lake Center
Suite 1.158
Webster, TX 77598-1230

Phone: 409.772.3838
Email: iso@utmb.edu


C)}C"gd

Information Security Corner

Stay Wary: Phishing Attacks and Direct Deposit

Over the course of the last three weeks, the Office of Information Security, working with Payroll Services, has identified five instances of fraudulent changes to employee direct deposit information. Fortunately, these changes were identified and corrected before there was a financial impact to the victimized employees. These account "hacks" appear to be associated with a phishing email that was received on April 4, 2017, compounded by a misconfiguration in our PeopleSoft logon process for Employee Self Service (ESS). ("Phishing" is someone masquerading--often via email--as someone they're not, in order to get information or to encourage a user to do something that they normally wouldn't, such as share their password.)

The misconfiguration issue has been identified and corrected. Employees are reminded to scrutinize any email with links to a webpage that require you to enter your UTMB username and password.

Beofre you click on a link, look for these three things:

  1. Does the email make sense? Is it typically something that UTMB would request?
  2. Is the email from a trusted source? Does it come from a UTMB address and is the email address associated with the department that would make such a request?
  3. If you click on the link and it takes you to a logon page, verify that the address is a UTMB address.
When in doubt of any email or digital request, forward it to CIRT@utmb.edu; the Office of Information Security will review on your behalf.

As a precaution and prior to the next pay period, employees are encouraged to verify that their direct deposit information is accurrate/has not been improperly modified. Settings may be checked in Peoplesoft's Employee Self Service, under Payroll and Compensation.

If you have any questions about cyber security, or suggestions on how to improve UTMB's cyber security efforts, please contact the Office of Information Security at 409-772-3838.