Press Release

Cyber Criminals Targeting University of Payroll Systems

By Chris Heller • November 18, 2014

Cyber Criminals Targeting University of Payroll Systems

Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks.Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks.

SAN RAMON, CA. /Newswire/ – According to a recent advisory issued by Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks. Cyber criminals harvest credentials and then alter victims’ payroll bank account information to re-route direct deposits to bank accounts controlled by the cyber criminals.

Tactics, techniques and procedures (TTP’s) of the cyber criminals include:

  • Altering direct deposit account information
  • Spoofed to appear as if message came from the appropriate department, e.g. HR for “salary increase” lures or IT department if “mailbox exceeded”
  • Spoofed login screens that are a close replica of legitimate login screen
  • Targeting of faculty and staff
  • Using university images within e-mails text
  • Spoofed institutional-specific prompts for additional credential information, e.g., PINS, bank account numbers.
  • URLs mimicking legitimate (and accessible) portal URLs
  • Use of the “salary increase” approach seems to coincide with end of the fiscal year.

The phishing e-mails have contained official institutional images, often via an HTML image link direct to the resource.

“Higher Education is a honey pot for the bad guys. We know of dozens more institutions that have been spearphished than are mentioned in the REN-ISAC report,” according to Greg Wendt, Appsian’s Executive Director of Security Solutions.

Appsian’s Security Suite complies with REN-ISAC’s recommended prevention techniques:

  • Redacting or masking of sensitive data
  • Implementing Two-Factor Authentication at the transaction layer
  • Limiting self-service functions by location – on- or off-campus
  • Detailed and specific logging of the most critical events

“Our recent Security webinar series focused on helping organizations mitigate cybercrime. How to implement Two-Factor Authentication and Logging/Analysis and Incident Response contain information that will thwart the bad guys,” stated Mr. Wendt.

Recordings of the webinars can be found on Appsian’s website. The full REN-ISAC advisory can be found here.

About Appsian – Formerly GreyHeller.
San Ramon, California-based Appsian serves Oracle® PeopleSoft customers globally across all industries, helping them secure and mobilize their PeopleSoft investment. Appsian’s software solutions – PeopleMobile®, ERP Firewall and Single Signon – are in production at nearly 100 PeopleSoft customers. PeopleMobile® renders PeopleSoft responsive across any mobile device and desktop. ERP Firewall and Single Signon protect PeopleSoft customers from criminal and inadvertent breach. For more information about Appsian, please visit

Appsian – Formerly GreyHeller
Hendrix H. Bodden
925.415.5053 Office
312.661.6931 Mobile

Start your free demo

"Learn how you can reduce risk with rapid threat protection, audit response and access control. All from a single, comprehensive platform"

Trusted by hundreds of leading brands