July 14, 2016

Phishers target Medical Center employees via fake salary increase emails

Phishing Scam Warning SignVUMC IT Security Operations has detected a targeted attack against VUMC users. Phishers continue to target Medical Center employees with information pertaining to salary increases. Subject lines of these emails usually include verbiage resembling “Payroll Increase,” “Salary Documents,” or “Your New Paycheck.”

Below is an example of a fraudulent email:

Hello,

We assessed the 2016 salary structure as provided for under the Vanderbilt University terms of employmen. It was discovered that you are due for a salary increase starting July 2016.

Your salary raise documents are enclosed below:

Access the documents <link redacted>

Human Resources & Benefits

Vanderbilt University

Email links are blocked on campus networks; however, users can access links while off campus or while using mobile devices not connected to vuNet. Clicking on the link leads to a page asking the user for login credentials, as well as Social Security numbers and answers to C2HR security questions.

If you have received such an email, DO NOT click on the link and please call the Help Desk at (615) 343-HELP immediately to report the email.

If you have already clicked the link and have provided personal data, call the Help Desk at (615) 343-HELP for assistance with changing your ePassword and verifying C2HR direct deposit settings.

If you have typed your Social Security number into the phishing site, you should consider signing up for a credit monitoring service.