Office of the Vice President and Chief Information Officer Yeman Collier: ALERT — Direct Deposit Attacks


UT Health San Antonio,

A phishing campaign recently resulted in the redirection of payroll deposits for 22 employees across three University of Texas campuses, including our own. You’re likely aware that we require 2-factor authentication (2FA) for any off-campus PeopleSoft-related actions. Those users successfully targeted either had an active/open secure session from prior activity within PeopleSoft, or accepted a nefarious 2FA prompt. Once the bad actor gained control of the account, payroll direct deposit routing/account information was changed unbeknownst to the user.

The Finance, Human Resource and Technology divisions are currently working to employ additional controls that will help guard against future attacks. Each of you is an ally in safeguarding against these types of attacks, so please consider the following:

  • Be sure to log out of secure sessions. When you log into a secure session, whether on or off campus, be sure to log out of the session once completed. This is especially critical with mobile devices, as most successful breaches use this vector.
  • Passwords. Maintain strong passwords/passphrases, never disclose them and avoid using the same one for multiple accounts (e.g., the same password for UT Health San Antonio, online banking and social media accounts).
  • Beware of “2FA fatigue” with all online accounts. Your accounts for banking, insurance, Amazon, Apple and online retailers are all potential targets. If you receive a 2FA prompt for an action you didn’t initiate with a particular account, it’s often an attempt to falsely authenticate.
  • If in doubt…don’t. Be extremely cautious of suspicious-looking emails, attachments and links. If you’re just not sure whether it’s safe to click or open…don’t.

Please contact Information Security at and 210-567-0707 with any questions about how to further protect yourself from cybercriminals, and immediately report suspicious activity or messages.

Thanks for your attention to this very urgent matter.


Yeman Collier, Chief Information Officer
UT Health San Antonio
Office: 210-567-7052
