Phishing scam compromises several Arkansas State University students
by February 7, 2018 4:21 pm 339 views
Arkansas State University is recommending its students check their online accounts to verify the bank accounts attached to their logins, and to update their account passwords based on reports of internet fraud.
At least 11 students have had funds redirected from their designated direct deposit accounts by fraudulent means, the university system reported. A check of student accounts by the ASU Information Technology Department and Treasurer’s Office reveals the potential for several more students. The students are being contacted today by university representatives.
“I want to ask every student to log into their student account as soon as they can and do two things,” said Chancellor Kelly Damphousse. “Make sure you change your password and then check that your direct deposit is correct.”
Phishing emails are believed to be the source of the redirection of money. In these schemes, perpetrators lure students into providing their login and password, and then access the student’s online account to change the routing address for direct deposit.
The university recommends students check the account number they entered for their direct deposit of financial aid funds immediately to see if it has been changed and replaced with a fraudulent direct deposit account number. If students notice a change in their direct deposit, or a direct deposit account they did not create, they should contact the Treasurer’s Office. After verifying the direct deposit, the ASU IT Department recommends students reset their account passwords and security questions immediately.
“We are actively assisting the affected students in recovery of the funds that were wrongfully taken,” Vice Chancellor for Finance Dr. Len Frey said. “This is unfortunately similar to scams used last fall with five students.”
In an attempt to educate students after the fall phishing, the Treasurer’s Office sent emails to all active spring semester students instructing them to verify their accounts and to not give their login and password to anyone.
Specifically, students should check the A-State Payment System, or MyBill, link via MyCampus to determine there isn’t a fraudulent account attached. Additional instructions are available and are posted also inside the MyCampus landing page.
ASU will never ask for student login and passwords through email. This should be the first indicator of a false attempt to gain access to student accounts.