Some members of the University of Louisville may have fallen victim to a phishing scam this past Thursday, this time taking aim at its payroll system. University personnel were sent an email camouflaged as an official communication from the U of L payroll department.
The email, masked as an official notification from U of L’s payroll department, informs recipients of a supposed change in the payment schedule. Clicking on the “view dates” link directed users to an external site designed explicitly for credential theft, instead of leading to an internal university page.
In a telephone inquiry with the IT Desk, they suggested that around a hundred university personnel may have fallen prey to this phishing attempt, compromising their passwords. The deceptive email came from [email protected], which bears no affiliation with the University of Louisville.
While the university’s IT team is working to address the immediate threat, this incident serves as a stark reminder of the importance of cybersecurity vigilance. Phishing emails often contain subtle hints, such as unfamiliar sender addresses, unusual language, or unsolicited requests. It is essential for staff, students, and affiliates to consistently scrutinize emails, especially those prompting sensitive actions like logging in or changing account details.
The university offers cybersecurity awareness that can be found at the Information Technology Services. If there is ever doubt about the authenticity of an email or message, contact the IT HelpDesk or the respective department directly before taking any action. When contacting the IT telephone, there is a step-by-step guide to reset your university password for the victims of the scam.
In light of this recent attack, all individuals are encouraged to report suspicious emails and, if they have interacted with the link, to reset their passwords immediately.
Photo Courtesy // Ralph Merkel