A Message from the North Dakota University System
A message from NORTH DAKOTA UNIVERSITY SYSTEM
I want to take a minute of your time to pass along some critical information that will help keep your employee information safe. We have learned that one of the latest email phish spoofs involves campus employees who are being tricked into revealing their PeopleSoft passwords. If revealed, the password is then used to change a person’s direct deposit information. Campuses across the country are reporting this attack.
The attacks are being done in a couple of ways:
One method is to send out an email that looks like an official campus email, asking you to verify your password. The goal is to give you a sense of urgency so you don’t have time to think. Phrases are used such as:
- Validate, verify, update your account!
- Your email is full.
- Your account will be deleted.
The second method being reported is that webpages get diverted to a phony site that looks very much like an official campus site or PeopleSoft login page. The official login URL for PeopleSoft HRMS is https://adminsys.ndus.edu/psp/hehp/?cmd=login. Before you sign into PeopleSoft HRMS, make sure you are using this URL (including the “s” in “https,” which indicates it is a secure connection). Note the entire URL, since these attempts often include a URL which looks very similar to the legitimate one.
Don’t fall for these tricks. You will never be sent a legitimate email asking you for your PeopleSoft password.
If you receive what appears to be a phishing attempt, don’t click on any links; just forward the message to your campus Information Technology department.