Payroll funds for multiple WSU employees stolen by phishers


Update 4:30 p.m.: WSU has released a statement saying the phishing payroll scheme has been reported to the FBI. Three university employees were affected. “There’s no evidence that any student information has been compromised,” the statement said.

Multiple university employees recently had their direct deposit payroll information stolen and funds diverted to a phisher’s bank account, university officials said in an email to staff members Wednesday.

The funds were stolen by phishing emails that “seem to be very real,” Lois Tatro, associate vice president of financial operations, said in the email.

“So real in fact that employees have clicked on the link, entered their myWSU ID and password which provided the hacker IMMEDIATE access to personal information such as BANK ACCOUNTS, ADDRESSES, STUDENT RECORDS, etc!” Tatro wrote.

“If you think you have done something similar, you should change your password immediately and check that your bank account information is correct. These types of security breaches are costly for the employee, and the University and we ALL must do everything we can to prevent this from happening again!”

Tatro wrote that at least a “handful of employees” had their direct deposit payroll diverted to another bank account, losing their full payroll amount.

Tatro was not available to provide more information Thursday morning.

In a separate email to staff members Wednesday, Provost and acting president Rick Muma said he is aware of at least two faculty members who recently responded to the phishing scheme.

“This obviously leads to the two faculty members not receiving their correct pay and significant financial loss to the department to make the faculty members whole again,” Muma wrote. “We will not be able to do this in the future.”

Emails asking for WSU IDs and passwords can be forwarded to [email protected] or reported at 978-4357.