Payroll Scams Thwarted

Scan your email junk folder and you may conclude that we can safely add email scams to the small list of certainties in life, right alongside death and taxes.

The IRS has warned that the number of e-mail scams this tax season increased by 400% compared to last year. Many of these scams seek to steal W2 or payroll information from businesses and employees. As last week’s hack at Illinois State University shows, stealing the login information from just 13 employees can lead to an estimated $50,000 in stolen wages.

Thanks to the work of the Privacy and Information Security Team at Technology Services and other units at the University of Illinois at Urbana-Champaign, employee payroll-targeting phishing attacks that would otherwise have been successful were detected and thwarted before any of the online perpetrators were able to benefit. These efforts resulted in preventing the loss of over $200,000 in paychecks to direct-deposit fraud and similar scams.

In 2015, employee paychecks totalling an estimated $49,455.13 were saved from hackers because direct deposit theft actions were detected and stopped. And only a few months into 2016, thwarting direct deposit thefts has prevented $165,044.68 from being stolen from University of Illinois employees.

The Privacy and Information Security Team monitors suspicious behavior related to the direct deposit system. Then working with other offices on campus, Technology Services intervenes before any direct deposits are actually lost.

Many of these scams attempt to steal an employee’s login and password, and then alter the employee’s direct deposit information. Common forms of this scam include asking an employee via email to click on a link to log in to a malicious web page to confirm a pay raise or new contract. Once the employee has logged in to this fake page, the hackers have control of the individual’s NetID and password. They then use those credentials to reroute the employee’s paycheck.

University employees who receive a suspicious-looking email should not reply with sensitive information or passwords. It is also strongly recommended that employees do not click on any links in a suspicious looking email. 

More tips for spotting phishing emails can be found on the Security website.

If you are unsure if an email request is real or not, please contact the Technology Services Help Desk by email ( or by phone (217-244-7000) for assistance.