Modification of Payment Information
This phish typically originates from a non-Cornell account. The sender may appear as "[Spoofed Name] <[user]@adminvision.ro> " and impersonates a Cornell employee. The bad actor typically attempts to socially engineer a Human Resources staff member to make a fraudulent direct deposit change. Do not reply to the sender.
Hi [Name],
I changed my bank and i want to update my paycheck direct deposit details before next pay
What details do you need ?
Regards
[Spoofed Name]
Postdoctoral Research Fellow
at Cornell University