The University has been targeted by phishing campaigns designed to steal user credentials for many years. Phishing is the chief method that attackers use to compromise accounts -- they trick the user into giving away credentials (user name and password) using fake login pages or with "send us your ID and password by reply to this email" attacks.
Stolen credentials are used for many purposes, such as sending spam from compromised e-mail accounts, gaining access to university-licensed resources, and hosting malware.
Recently, however, attackers have started using the stolen credentials to attempt to steal money from the individuals involved. The attacker uses the harvested credentials to access the victim's payroll information and re-route direct deposits to a bank account controlled by the attacker.
These latest incidents illustrate the value your University Internet ID has to people outside the University. All University students, faculty and staff should secure their Internet ID by setting a strong password and following University data security standards .
University Information Security (UIS) and payroll have processes in place to proactively discover known attack activity, but if your University account is compromised you should proactively verify your personal information, including direct deposit.
For additional information on this subject, please see the REN-ISAC advisory regarding payroll theft schemes tied to phishing. at: http://www.ren-isac.net/alerts/REN-ISAC_ADVISORY_University_Payroll_Theft_20141112_TLPWHITE.pdf.