University Salary Phish ExamplePhishers have been attacking universities across the country with emails that look like this one (Example email from University of Chicago):
Subject: Your Salary Raise Confirmation
The University is having a salary increase program this year with an average of 2.5%.
The Human Resources department evaluated you for a raise on your next paycheck.
Click below to confirm and access your salary revision documents:
Click Here hxxp://kirovtourism.ru/www.uchicago.edu/Sign-In.htm to access the documents
The University of Chicago
Recent reports about Your Salary Raise ConfirmationA google search for that email subject "Your Salary Raise Confirmation" helps to reveal just how many Universities are targeted in this attack.
- Longwood.edu (Sep 25, 2014) - www.longwood.edu/usersupport/58483.htm
- UChicago.edu (Sep 22, 2014) - itservices.uchicago.edu/page/email-scam-sep-22-2014-your-salary-raise-confirmation
- WUSTL.edu (Sep 22, 2014) - nso.wustl.edu/securitynewsandnotes
- Geoge Mason ( Sep 17, 2014) - itservices.gmu.edu/alerts/view-alert.cfm?customel_dataPageID_8958=33535
- UOregon (Sep 11, 2014) - www.facebook.com/UOTechDesk/posts/6745046326415720
- USouth Florida (Aug 4, 2014) - hscweb3.hsc.usf.edu/is/phishing-alert-email-with-subject-of-your-usf-salary-raise/
- Brown.edu (Jul 26, 2014) - www.brown.edu/information-technology/alerts/phishing-alert-your-salary-raise-confirmation-0
- Illinois (July 5, 2014) - security.illinois.edu/content/secsup-9121-university-human-resources-phishing-scam
- Virginia Commonwealth (June 30, 2014) - phishing.vcu.edu/2014/06/30/
- Nebraska Wesleyan (Jun 20, 2014) - csit.nebrwesleyan.edu/security_alert_phishing_scam_reported
- UVM.edu (May 28, 2014) - www.uvm.edu/it/?Page=news&storyID=18599&category=etsspotlight
- Michigan State (Mar 17, 2014) - support.anr.msu.edu/support/news/item/email_phishing_attempt_your_salary_raise
- Duke (Ma 13, 2014) - security.duke.edu/phishing-attacks-your-salary-raise-details-march-13-2014
- UPENN.edu (May 6, 2014) - www.upenn.edu/computing/security/phish/
- Georgetown - security.georgetown.edu/students/diy-computer-security/phishing-attacks/phishing-examples
- ODU.edu (Aug 21, 2014) - www.odu.edu/announcements/faculty-staff/2014/8/21/phishing_campaing_ag.iframe.html
DHS / REN-ISAC / Multi-State ISAC AdvisoryOn August 18, 2014, the Department of Homeland Security released an advisory titled "University Payroll Theft Scheme" that cautioned Universities to be wary of this scheme.
Some of the email subjects that were mentioned in that advisory include:
- Your Salary Review Documents
- Important Salary Notification
- Your Salary Raise Confirmation
- connection from unexpected IP
- RE: Mailbox has exceeded its storage limit.
If you receive a copy of a phish such as this, please send an alert to: firstname.lastname@example.org