July 1, 2014

Paycheck theft scam targets VUMC employees

Shortly after 4 p.m. on Monday, June 30, the Vanderbilt email system received phishing emails that appear to be targeting Medical Center employees. Likely it appears to specifically target M.D.s. These emails appear as follows:


The link in the email actually goes to a website in Russia (sibeik.ru), which mimics the C2HR login page. Once credentials are presented at that fake site, the page redirects to a fake Vanderbilt Outlook Web Access (OWA) page which also gathers credentials. If the OWA page is submitted, the user is then redirected to www.vanderbilt.edu (the real one). The Russian website has since been blocked from on-campus access; however, those accessing their email from off campus or from mobile devices will likely still be able to reach it.

Recent similar activity noted at other universities suggests that the phishing attackers are targeting M.D.s to try and gather their login credentials to utilize the Direct Deposit function of C2HR, in order to change Direct Deposit configurations and thereby steal paychecks.

Anyone who received the email above, or ones similar to it, and clicked on the link provided and entered his or her VUNetID and e-password, should contact the Help Desk and change e-passwords immediately, and also should then verify that their Direct Deposit settings in C2HR have not been modified.