Online thieves steal NDSU paychecks, lure employees
FARGO -- Eight North Dakota State University employees recently lost their paychecks to an online scam, prompting an FBI investigation, North Dakota University System officials said Friday.
FARGO - Eight North Dakota State University employees recently lost their paychecks to an online scam, prompting an FBI investigation, North Dakota University System officials said Friday.
Using an email-based con known as “phishing,” a scammer or scammers tricked the employees into providing personal information that allowed the scammer to redirect direct-deposit paychecks to fraudulent bank accounts, the officials said.
The employees have since been reimbursed by NDSU.
Only NDSU employees were targeted and the university system’s computer network was not threatened, said Vice Chancellor Lisa Feldner, the system’s top information technology official.
She said the phishing was not related to a network security breach reported in February that potentially exposed the personal information of more than 290,000 past and current university system students and employees. Three IT employees lost their jobs over that incident.
During the phishing incident, university system officials did worry that their network might have been breached. As a precaution, the university system’s computer system containing employee information was shut down.
The system has since been reactivated, but employees still are not allowed to change direct-deposit information online.
The university system is scheduled to discuss phishing in Bismarck on Wednesday.
Little information is available about the NDSU phishing incident. The university directed questions to the university system. And Feldner, at the system office, provided limited information citing, in some cases, lack of direct knowledge, and in other cases, the ongoing investigation.
The university system released a statement saying the incident happened “during the last payroll cycle” when NDSU employees received a fraudulent email.
Felder said the emails appear to have targeted individual NDSU employees. If it had been a mass email, the university system’s network would have blocked it.
NDSU isn’t the first university victimized by this scam. In December, Boston University reported 10 employees had their direct-deposit paychecks stolen. In January, it happened to four Duke University employees, and in June it happened to 10 George Mason University employees.
In a typical phishing expedition, scammers send emails designed to look as if they come from legitimate sources, such as their employer or bank. The idea is to trick victims into providing personal information, such as email passwords and bank routing numbers.