The UCLA Information Security Office is aware of UCLA staff being targeted by messages from cyber criminals attempting to commit payroll fraud by sending fake phishing emails or calling HR and Payroll staff requesting a change to employee bank account information. The fake emails are typically requesting a change of banking details and appear to use the employee’s correct sender name and email signature. Callers have enough information about the actual employee to impersonate them successfully. Please note all Payroll changes must be completed via UCPath and not communicated through email. Be sure the email address is that of your employee and not spoofed. Be cautious of requests for bank account changes that originate via email, especially if the email has an urgent or vague subject line.
Common email subject lines for this scam include:
- “Payroll”
- “Urgent Payroll Request.”
- “Urgent Request!!”
- “Changing of my Direct Deposit”
- “change in Direct Deposit”
- "Update My Info"
If you receive a suspicious email, do not click on any links or open any attachments within the message. Please do not reply to the email and immediately contact security[@]ucla.edu and report it to your IT team.
Sample phishing emails