Crime & Courts

WSU employees fall victim to phishing scam, lose paychecks

At least three employees of Wichita State University did not receive their paychecks recently after they were targeted by computer hackers.

The employees were victims of an e-mail phishing scheme, which asked them to type in their university ID number and password, allowing scammers to access bank account numbers, student records and other personal information, according to university officials.

Lois Tatro, WSU’s associate vice president of financial operations, said in an e-mail to employees Wednesday that “a handful of employees had their direct deposit payroll diverted to another bank account, losing their full payroll amount.”

Tatro said employees who think they may have responded to such an e-mail should change their passwords and check that their direct-deposit bank account information is correct.

In a statement released Thursday afternoon, the university said three WSU employees lost their payroll direct deposits and that WSU Police reported the phishing scheme to the Federal Bureau of Investigation.

“The university’s computing system was not hacked or compromised in this situation,” the statement said. “Rather, the employees responded to an email than enabled an unauthorized user to access their payroll information.

“There is no evidence that any student information has been compromised.”

University officials did not say whether employees affected by the phishing scheme were compensated for lost pay.

However, in a separate e-mail to employees Wednesday, Provost and acting president Richard Muma implied that faculty members had been compensated by the university:

“This obviously leads to . . . significant financial loss to the department to make the faculty members whole again,” Muma wrote in the e-mail. “We will not be able to do this in the future.”

Because each state university in Kansas runs its own payroll system, the question of whether to compensate employees for lost wages is up to the university.

University spokesman Joe Kleinsasser said Thursday that, “We don’t think the university or employees in this case will be out too much in the long run because there’s a process to reclaim funds from banks when direct deposits go astray.”

WSU employees should “guard your myWSU credentials with the same care as you would your online banking credentials,” Tatro said in Wednesday’s e-mail. “WSU will never send you a link asking for your ID and credentials.”

WSU students, faculty, and staff have been directed to forward suspicious emails — including those asking for their myWSU ID or password — to an internal account for investigation.