Recently, the FBI released a statement warning universities around the country that hackers are targeting their payroll departments. Chapman University has already made the necessary changes and is staying ahead of the curve.

THE SCAM:

Hackers send out an email to university employees and faculty saying that there was an issue with their payroll information and they need to log in to their account to fix it. A link is provided in the email where users are asked to enter their credentials. Instead of logging into their accounts, they are actually supplying their credential information (username & password) to the hackers. At this point the user’s account is now compromised and they don’t even know it. The hackers then use the stolen credentials to log in to the user’s account where they change the direct deposit routing information. In the end, the user’s paycheck is routed to the hacker’s account rather than the employee’s account. Depending on how frequently the employee checks their account, this could go on for several pay periods before anything is noticed.

CHAPMAN UNIVERSITY INFORMATION SECURITY:

Students – Starting January 2nd, 2019, the Student Business office and IS&T implemented Two Step Authentication on the university’s ePay website. When students or panther partner authorized users log in to make a payment, they are required to enter a additional six digit code. The code is delivered either by email, SMS text, or phone call and can only be used once. The purpose being that if the user’s credentials are compromised, this extra verification step will not only block the unauthorized users from accessing sensitive information, but will also alert the user that someone trying to access their account information.

Please visit the student business office site for more information about accessing your ePay account.

Faculty & Staff – IS&T is offering all faculty and staff the option to sign up for Multi Factor Authentication (MFA) to help protect their information and university data from being compromised by unauthorized users. All faculty and Staff are encouraged to visit mfa.chapman.edu to sign up for MFA services. MFA is optional, but is highly recommended. Please help in keeping our university information safe.

For more information about information security at Chapman University, please visit chapman.edu/security. For questions, please email our information security team at infosec@chapman.edu.