30 May 2017 Matt Sisson, Projects and Membership Manager
At the beginning of February we alerted readers to a significant fraud risk involving a phishing email that asked recipients to update or confirm their university intranet HR/bank details. The details provided were then used to divert payroll to fraudulent accounts. We provided full details on the fraud discussion boards, and there have since been further alerts via email and at regional meetings. The fraud gained the attention of the National Fraud Investigation Bureau (NFIB), who, among other suggestions, advised universities to “prompt all staff and students to change any password associated with their university email/IT accounts. Due to potential data breaches, it is recommended that universities discuss with the IT departments about issuing a mandatory password reset for all users”.
Unfortunately, we’ve since received news that an HEI has suffered a loss through this fraud in its May payroll. If you are at all unsure whether your institution has verified all staff and student bank account changes since the turn of the year, and has put in place robust methods for doing so on a continuing basis, please double-check to ensure there are no further sector losses.