Phishing successfully targets employee pay

Recent malicious emails a reminder to be protective of personal info

A recent phishing email incident on a University of Colorado campus that led to stolen pay highlights just how crucial it is to take precautions to protect your personal information online.

Last month, CU Denver employees received an email asking them to confirm their employee credentials by clicking on a link that led to a fraudulent website resembling the CU employee portal. Criminals stole credentials entered on this site and used them to alter employees’ direct deposit allocations, thus stealing their pay.

Law enforcement is working with CU to investigate these crimes, and the university also is working with those affected by the scam. This was not a security breach of CU’s systems; unfortunately, it was the result of a few individuals who fell prey to a malicious email by entering their employee login information into a fraudulent website.

To help ensure the security of your personal employee information, you may now only access the employee portal while on a CU campus or an affiliate campus (Children’s Hospital Colorado, National Jewish, University of Colorado Hospital, University Corporation for Atmospheric Research and University Physicians Inc.). You also can access the portal by connecting to your campus’ virtual private network (VPN).

CU and universities in general are attractive phishing targets because they traditionally have been more open information-sharing environments, says Chirag Joshi, assistant information security officer in CU’s Office of the President. Online directories and Google searches give anyone with an Internet connection access to employees’ phone numbers, and email and campus addresses. This highlights the need to remain alert and security conscious, he says.

Tips to help you spot this and other types of phishing email attacks:

  • Be on the lookout for account-change alerts. Whenever employees change their direct deposit information, CU’s Employee Services team notifies them via email. If you receive this email and have not altered your preferences, contact the Employee Services payroll team immediately at 303-860-4200, option 2, or at
  • Check your paystub. You can always check your electronic paystub, available within the employee portal, five business days before each payday. The sooner you discover and report an error, the more likely false transactions can be stopped.
  • Remember that CU will never ask you to submit personal or confidential information via email.
  • Look at the address in the “From” field of the email. While the sender may claim to represent CU, if the address in the “From” field doesn’t contain “,” chances are good the email is deceptive.
  • Read between the lines. Does the email in question read like anything the university has sent you? Many phishing emails are hastily written and contain noticeable grammatical errors.
  • Do not click on Web links in emails. Instead, open a Web browser and type in the address you wish to visit. If you ever doubt the legitimacy of an email claiming to be from CU, contact your campus IT helpdesk, or call the sender to confirm he/she emailed you.
  • If you do click on a Web link in an email, always look at Web address in your browser’s address bar. CU Web addresses generally contain “,” “” and “”
  • Educate yourself on phishing. Find helpful information, including current and past issues of the Office of Information Security’s monthly email, at