Direct Deposit Scams

NYU has seen several recent scams that involve obtaining an employee’s NetID and password, which are then used by the scammer to alter the employee’s Direct Deposit information, resulting in the employee’s paychecks being re-directed to the scammers’ bank accounts. We want you to be aware of these scams, what we are doing to protect your Direct Deposit, and what you should do to protect yourself.

These scams usually occur as a result of:

  • A “phishing” email that sends the recipient to a website to “update” their Direct Deposit information, or
  • A compromised account, where the scammer obtains the employee’s NetID and password, signs on and changes the Direct Deposit instructions.

This can then result in funds going to the scammer’s bank account instead of the employee’s bank account.

NYU Payroll has a process in place for detecting Direct Deposit changes; when changes are made to an employee’s Direct Deposit instructions, Payroll sends a confirmation email and asks employees to notify Payroll if anything is amiss. Please pay attention to any email of this sort from NYU Payroll, and if you have not authorized a change to your Direct Deposit, follow-up by contacting PeopleLink (AskPeopleLink@nyu.edu or 212-992-5465) immediately.

In the event of any unauthorized attempt to change your Direct Deposit, it is very important that you promptly change your NYU NetID password to ensure the integrity of your account. This Knowledge Base article describes how to change your password. Should you have any questions or trouble, please contact the IT Service Desk, open 24×7.

Do not fall victim to phishing attempts:

  • Keep your eyes open for any email requesting that you “confirm” your sign-on credentials or threatening immediate account closure.
  • Remember that NYU IT/HR/Payroll personnel will never send you an email asking for your NYU NetID password. If you receive email that you think is a phishing, please forward it to phishing@nyu.edu.
  • Make sure, when you are logging into a single sign-on NYU service, that the URL displayed on your browser starts with https://shibboleth.nyu.edu.

If you do respond to a phishing attack, change your password immediately and check your Direct Deposit information in PeopleSync (Workday), which you can access from the NYUHome Work tab.

NYU is working on methods for adding another authentication step, as many banks have done, to ensure additional security.