
PHISHING ALERT: Malicious Email Indicating New Payroll Approvals Required

The Office of Information Security has identified a phishing threat in which the sender indicates new payroll approvals are required. This is a malicious email attempting to get users to follow a link to a fake login portal. Any user information entered in this fake portal will be captured by the criminals as a means to compromise our systems. If you receive this email, or any others like it, please forward it to phishing@wustl.edu and delete it from your inbox.

This phishing attempt contains several clues that it is not an authentic message. You can see these clues highlighted and circled in red in the image below. The sender email address is the first clue that this email is a phish. If you expand the view to see who actually sent this message, you can see it does not come from a ‘@wustl.edu’ email account. You will also notice a tone of urgency that is intended to make the recipient think they will be losing out on something if they don’t take action. The criminal is attempting to get unsuspecting recipients to click on the link in this email so they will be sent to a fake portal designed to steal any information entered there. As always, extreme caution should be exercised with any links received via email. If you ever have any doubt at all, pick up the phone and use a contact number you are certain is accurate to ask about the authenticity of the email and request.

Image: Payroll Phishing Example. Marked up version of the malicious email. Note the email address highlighted in yellow and the errors and warning signs circled in red.

Image: Malicious Portal for Payroll Phish. Example of portal set up by criminals to steal personal information. Note the malicious URL at the top of the window.

Additionally, there are grammatical and usage errors throughout this phishing email. The greeting says “Dear Member” and doesn’t include a comma. The first sentence of the email is missing a comma, and the following sentence is unclear about what it is trying to say. The closing message, “Best Regards,” is also missing a comma, and the email signature is clearly inauthentic.

If you receive an email such as this or any other suspected phishing attempt, please do not click on any links or download any files from the email. Simply forward the email to phishing@wustl.edu and delete it from your inbox.

If you have additional questions or concerns, please reach out to us at the Office of Information Security at infosec@wustl.edu. We appreciate all that you do to keep our university secure.