Three employees of the university fell prey to a scam, giving cybercriminals access to change banking details.
In the case of the attack on WSU employees, cybercriminals spoofed the university’s payroll system and sent emails to employees tricking them into providing their university ID and password. With that information the attackers gained full control to the employee’s profile, personal data, and most importantly – banking information.
After a number of employees did not receive their paychecks that the scam was found out. At least three members of the WSU staff fell for the scam, allowing cybercriminals to alter the employee’s personal banking details and redirecting paycheck payments to be routed to the criminals’ bank account.
Cybercriminals are in the business of ensuring their efforts pay off. It’s the primary reason they target specific industries, businesses, and even people. The more context they can gather, the higher the chances of successfully fooling an employee into taking the bait.
Organizations need to keep employees on their toes with security top of mind to avoid incidents like this. When users step through security awareness training, they are taught about the attacks methods used, and to be suspicious of anything that seems out of the ordinary, scrutinizing email, web pages, and even phone calls – all to make sure your organization is protected against successful attacks.