Tuesday 7 February 2017
IT Services (ITS) is receiving reports of a phishing campaign attempting to gain access to staff payroll accounts. If you work for the university, please be vigilant and delete any university-branded emails asking you to log in to view documents or accounts relating to your salary – please see example below.
Do not click on the link provided, enter your QMUL password or respond to the email. HR, Payroll and ITS will never send you an email asking for your password or bank details. If in doubt, please call the IT Service Desk on 020 7882 8888 or email email@example.com. Free cyber security awareness training is also available for all students.
Related phishing campaign – Job Offer to Students
Another element of the payroll phishing fraud involves recruiting members of staff and students as ‘money mules’ by sending fraudulent job adverts such as a ‘Book Keeper’ or similar roles. Victims then provide bank details which the fraudsters use to divert pay from other staff in the manner similar to the above, and then ask the victim to forward the funds on to the fraudster’s account.
Example of phishing email relating to payroll
From: XX Payroll
Date: 18 January 2017 at 12.54 pm
Subject: Your Salary Raise Documents
The Payroll Verification Report was reviewed and it was noted that you are due for a 12% salary raise on your next paycheque effective February 2017.
All bonuses and deductions are advised therein The salary raise letter is enclosed below:
Access the documents here Click link
Human Resources & Payroll Benefits
• Do not click on any links or open attachments contained within unsolicited emails.
• Do not reply to scam emails or contact the senders in any way.
• If an email appears to have come from a person or organisation you know of but the message is unexpected or unusual, contact them directly via another method to confirm that they sent you the email.
• If you receive an email which asks you to log in to an online account via a link provided in the email, instead of clicking on the link, open your browser and go directly to the company’s website yourself.
• If you have clicked on a link in the email, do not supply any information on the website that may open.