University employee payroll scam
University employees are receiving fraudulent e-mails indicating a change in their human resource status.
The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials.
Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information.
This redirects the employee’s paycheque to the bank account of another individual involved in the scam.
Consequences of this scam:
- The employee’s paycheck can be stolen.
- The money may not be returned in full to the employee.
- The scammers can take the employee’s log-in credentials and attempt to log into other accounts that belong to the employee.
Tips on how to protect yourself from this scam:
- Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses.
- Hover your cursor over all links received via e-mail and look for inconsistencies. If you are unsure about the website the e-mail claims to be directing you to, then do not click the link.
- Never provide your MacID credentials, or credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to an official website rather than from a link sent to you via e-mail.
- Talk to your manager, or contact the Human Resources department if you have questions about an email that you have received.
If you believe that you have been a victim of this scam, please contact IT Security:
email: c-it-security@mcmaster.ca
Telephone: ext. 28299