Boston University Employees’ Paychecks Stolen Through Internet Scam

The FBI is investigating.

Get a compelling long read and must-have lifestyle tips in your inbox every Sunday morning — great with coffee!

Federal investigators are trying to help a number of Boston University’s employees figure out who bilked them of their December paychecks.

According to BUToday, 10 workers from the school had their funds diverted to accounts run by computer IP Addresses in different parts of the U.S. and Africa. Unfortunately, according to officials, it’s common to reroute traffic through multiple computers in these types of scams to throw off the trail leading to the actual perpetrator.

“This means that the IP addresses we detect at the far end may have nothing whatsoever to do with the actual attacker,” Quinn Shamblin, BU executive director of information security, told BUToday.

While there are no suspects at this time, the school has roped in Attorney General Martha Coakley’s office and notified officials from the state’s Office of Consumer Affairs and Business Regulation. The FBI is even nosing around to get to the bottom of the scam.

According to the school, how the alleged phishers, “who usually obtain confidential information via an email solicitation claiming to be from a legitimate organization,” got the private usernames and passwords of the BU employees is unclear. The report did not indicate whether or not the employees impacted by the scam were members of the school’s faculty.

From the report:

The University learned of the attack when several employees reported that they hadn’t received their direct deposit paychecks for December. Another university informed BU that one of its employees received a direct deposit that wasn’t hers. Erika Geetter, BU vice president and general counsel, says the amount and bank routing information of that deposit were identical to those of one of the 10 victimized BU employees.

A total of 78 employees’ Kerberos accounts were tapped into by the suspicious IP addresses in December, but just the 10 accounts containing direct deposit bank information were breached. Regardless, the school is investigating whether the phishers may have tapped into the other remaining accounts. The school shut down their direct deposit services once they were notified about the scam and restored it three days later.