Protect your pay from email scams
A recent phishing email incident on one University of Colorado campus highlights how crucial it is to protect your personal information online. Last month, CU Denver employees received an email asking them to confirm their employee credentials by clicking on a link that led them to a fraudulent website designed to look the CU employee portal. Criminals stole any credentials entered on this site and used them to alter direct deposit allocations, thus stealing their pay.
Law enforcement is investigating, and CU is working with affected employees.
Any time you make changes to direct deposit information, we will send a notification email. If you receive this email and have not altered your preferences, contact Employee Services. Shortly, the direct deposit link will be accessible only on campus or via a campus VPN.
You can always check your electronic paystub in the employee portal, five business days before each payday. The sooner errors are reported, the more likely we can stop false transactions. Questions? Call 303-860-4200, option 2, or email firstname.lastname@example.org.
Safeguard against phishing email attacks
1. Remember that CU will never ask you to submit personal or confidential information via email.
2. Look at the address in the “From” field of the email. While the sender may claim to represent CU, if the address in the “From” field doesn’t contain “cu.edu,” chances are good the email is deceptive.
3. Read between the lines. Does the email in question read like anything the university has sent you? Many phishing emails are hastily written and contain glaring grammatical errors.
4. Do not click on Web links in emails. Instead, open a Web browser and type in the address you wish to visit. If you ever doubt the legitimacy of an email claiming to be from CU, contact your campus IT helpdesk, or call the sender to confirm he/she emailed you.
5. If you do click on a Web link in an email, always look at the Web address in your browser’s address bar. CU Web addresses generally contain “colorado.edu,” “cu.edu” and “ucdenver.edu.”
6. Educate yourself on phishing. Find helpful information, including current and past issues of the Office of Information Security’s monthly email, at https://www.cu.edu/ois.