Share:

Direct deposit phishing scheme targets Miami

IT Services and the information security team have recently become aware that a scam involving direct deposit allocations has been making the rounds of Miami inboxes.

The message asks for payroll employees to change the direct deposit information of the “sender,” which has been changed to mirror the name of a Miami employee. An example of the message looks like this:


From: [redacted name of an actual Miami employee] <r.maxi@roll-field.com>
Date: Tue, Jun 11, 2019 at 12:16 PM
Subject: Direct Deposit
To: <payroll@miamioh.edu>

Hi ,

I would like to update my direct deposit information with my new account details. Can the change be effective for the current pay date?

Thanks,

[redacted]

Sent from my iPhone

The InfoSec team would like to remind the Miami community that emails asking to change direct deposit information or asking for personally identifiable information (PII) of any kind should be treated with a high degree of skepticism. Note the "sent from" email address is not from a Miami domain (because it doesn't include the "@miamioh.edu").

If you receive a message that you suspect to be a phishing message, please forward the message to InfoSec@MiamiOH.edu. This allows the information security team to block sites that may be associated with phishing attacks. If you ever feel you may have responded to a fraudulent message or clicked a link in one, please contact IT Help immediately at 513-529-7900.