
It Only Takes 1 Phish: Wichita State University Employees Get Fooled Into Losing Their Paychecks

Diana Eidson

Smashing Bugs
Jan 16, 2019
Three employees of the university fell prey to a common scam asking for their credentials, giving cybercriminals access to change banking details.

We’ve said it time and time again: the bad guys do their homework. In the case of the attack on WSU employees, cybercriminals spoofed the university’s payroll system and sent emails to employees tricking them into providing their university ID and password. That was all the attackers needed to gain full control of the employee’s profile, personal data, and most importantly – banking information.

It wasn’t until a number of employees did not receive their paychecks that the scam was found out. At least three members of the WSU staff fell for the scam, allowing cybercriminals to alter the employees’ personal banking details, which caused paycheck payments to be routed to the criminals’ bank.

The university implied that they would make the employee whole, despite not being responsible for the attack, but indicated that they would not be able to do so in the future should it happen again.

Cybercriminals are in the business of ensuring their efforts pay off. It’s the primary reason they target specific industries, businesses, and even people. The more context they can gather (e.g., the payroll system used specifically by WSU), the higher the chances of successfully fooling an employee into taking the bait.
Just a courtesy alert
 
If anyone finds these kinds of deception tactics fascinating, I highly advise reading Ghost in the Wires. It is the story of Kevin Mitnick, who did some crazy things with "social engineering" ...AKA hacking in the Hollywood sense.



Fantastic book, written in a way that is a load of fun to read.
His stories of "hacking" more often than not involve him calling a company, saying "I'm on the field having an issue, can you please activate unlimited long distance calling on this phone number so I can debug".

It's shocking how easy this is to do still today. People just don't expect you to be dishonest if you can gain the smallest bit of their trust.
 
I'm still waiting for the spam to come from her. Wichita State Employees being duped helps the automotive community how? Redundant posts in same thread?

I hope you're wrong. I hear where you're coming from though. And with your point made quite clear, let's start giving her the benefit of the doubt. If I'm wrong, throw the biggest "I told you so" at me.
 