Indiana University has identified phishing attempts targeting higher education institutions where attackers attempt to redirect employee direct deposit paychecks. IU employees should remain vigilant for phishing attempts and regularly review their direct deposit activity to ensure accuracy.

Known as direct deposit fraud, the practice involves using stolen employee credentials – often acquired through phishing emails – to change an employee’s direct deposit information to an unauthorized bank.

IU employees should report any suspected direct deposit fraud immediately to your unit’s payroll processor.

Your payroll processor will then alert the Office of the University Controller. That office will work to determine if fraud has been committed, including notifying the University Information Security Office and advising the employee to file a police report.

The University Information Security Office constantly monitors for the type of phishing email that can lead to direct deposit fraud, and employees are encouraged to report suspected phishing attempts.

Learn more about how to protect yourself against phishing attempts and how to report a suspicious email on IU’s Phishing Education and Training website.

Learn how to report incidents on IU’s Information Security & Policy website.