Preventing fraudulent changes to the direct deposit information of UBC staff

UBC Cybersecurity is aware of multiple Payroll Direct Deposit phishing campaigns in progress and we need your help to identify and report these attacks as they happen.

You can take preventative action by monitoring your own direct deposit information for any anomalies during this period and reporting concerns about potential phishing or fraud attempts immediately to security@ubc.ca. The team is happy to review emails or any other form of electronic communication to assist in validating a request.

Please keep the following in mind:

• Ensure that proper processes are ALWAYS followed including all amendments to Direct Deposit information must be done by the individual themselves using Workday Self-Service. 
• Watch for the [CAUTION: Non-UBC Email] banner at the top of emails. 
• Be extra wary of messages that convey a sense of urgency. 
• Beware of messages claiming certain services like Workday or CWL aren’t working.
• Do not open attachments that you weren't expecting, especially if they require a password to open.      
• Do not click on links in messages - Always type the website address into your browser.
• Trust your instincts.
• Report any suspicious email messages to security@ubc.ca. 

 
Remember, no matter who someone claims to be, you should never feel pressured to "help" someone by engaging in steps that do not follow proper procedure and protocol. Always report to security@ubc.ca. To learn more about this type of email fraud visit our spear phishing page.