It Only Takes 1 Phish: Wichita State University Employees Get Fooled Into Losing Their Paychecks


Three employees of the university fell prey to a common phishing scam asking for their credentials, giving cybercriminals access to change banking details.

We’ve said it time and time again: the bad guys do their homework. In the case of the attack on WSU employees, cybercriminals spoofed the university’s payroll system and sent emails to employees tricking them into providing their university ID and password. That was all the attackers needed to gain full control of an employee’s profile, personal data, and most importantly – banking information.

It wasn’t until a number of employees did not receive their paychecks that the scam was found out. At least three members of the WSU staff fell for the scam, allowing cybercriminals to alter the employees’ personal banking details, which caused paycheck payments to be routed to the criminals’ bank.

The university implied that it would make the employees whole, despite not being responsible for the attack, but indicated that it would not be able to do so in the future should it happen again.

Cybercriminals are in the business of ensuring their efforts pay off. It’s the primary reason they target specific industries, businesses, and even people. The more context they can gather (e.g., the payroll system used specifically by WSU), the higher the chances of successfully fooling an employee into taking the bait.

Organizations need to elevate the security-mindedness of employees to avoid incidents like this. When users undergo Security Awareness Training, they are taught about the attack methods used, and to be suspicious of anything that seems out of the ordinary, scrutinizing email, web pages, and even phone calls – all in the name of protecting the organization from a successful attack.

Free Phishing Security Test

Would your users fall for a phishing scam like this? Find out now before the bad guys do! Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

