Skip to main content

Cornell University

Modification of Payment Information

This phish typically originates from a non-Cornell account. The sender may appear as "[Spoofed Name] <[user]> " and impersonates a Cornell employee. The bad actor typically attempts to socially engineer a Human Resources staff member to make a fraudulent direct deposit change. Do not reply to the sender.

Hi [Name],

I changed my bank and i want to update my paycheck direct deposit details before next pay

What details do you need ?

[Spoofed Name]
Postdoctoral Research Fellow
at Cornell University

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.