January 21, 2019
Three Wichita State University (WSU) personnel began the new year without paychecks after falling victim to a payroll phishing scam which has since been reported to the FBI. In a statement released by the university after the discovery, Lois Tatro, associate vice president of financial operations, said the phishing emails seemed to be very real. “So real in fact that employees have clicked on the link, entered their myWSU ID and password which provided the hacker IMMEDIATE access to personal information such as BANK ACCOUNTS, ADDRESSES, STUDENT RECORDS, etc!” Tatro wrote.
A costly lesson
It wasn’t until those three employees didn’t receive their paychecks that they realized something had happened. The university covered the paychecks this time, but said they would not be able to do that in the future. This warning should deter other employees from providing their personal information in an email link, no matter how “real” it appears.
WSU said that its computer system was not hacked or compromised as a result of the scam. There is also no evidence that any student information was compromised.
Phishing testing and training lowers risk of being scammed
Michaela Kahn, PrivaPlan’s director of education, said, “So while in the healthcare industry one of our main concerns with phishing is to protect patient information, and to keep systems secure and running, don’t think that falling for a phishing scheme at work couldn’t be pretty personal.”
PrivaPlan Associates now offers a fully managed Phishing Testing and Training Program. “Testing both assesses risk and it helps to inoculate your users against real world phishing attacks,” Kahn said, adding that first time phishing tests of our customers on average come back with a risk score of over 30-percent. After a year of monthly or bi-monthly testing, their average risk scores are below five-percent. “That’s a risk manager’s dream!” she said.
Contact PrivaPlan to find out more and request a free trial phishing test to find out what your risk level is. Our baseline test is always one that asks for user credentials, just like the scheme that fooled the Wichita State employees.
For more information contact: Michaela Kahn at firstname.lastname@example.org or call 1-877- 218-7707.