There are several types of common employment-related scams that you should be aware of as a University employee. See below for a list of potential scams, how they show up, and steps to take if you encounter them.
What to Do If You Think Your Information Has Been Compromised
- Make sure to report information security incidents to UIS at [email protected] as soon as possible.
- Visit identitytheft.gov to learn about immediate actions to take to protect your identity.
- Learn how to freeze your credit and monitor your credit from the Federal Trade Commission.
- If you believe you are a victim of identity theft and are a benefits-eligible employee, you can have one free 60-minute consultation with a Fraud Resolution Specialist who will outline an action plan for you to restore your identity. For an additional fee, they will execute a full restoration on your behalf. Get started at umn.lyrahealth.com or by contacting Lyra at 1-877-295-8939.
- If your University device is lost or stolen, report the theft or loss as soon as possible. (Note that you will need to log in to open the reporting link. If you cannot access Duo authentication, contact OIT for help.)
Tips to Protect Your Information
- Use multi-factor authentication (such as Duo) to add another layer of security to your accounts.
- Choose strong passwords and keep them safe.
- Enable security features on your device.
- Use your device securely. Verify applications before downloading, use secure WiFi networks, keep your operating system up to date, and limit your device to only necessary applications and services.
- For personal devices, follow the Cybersecurity and Infrastructure Security Agency’s guidance on proper disposal of electronic devices.
- Bookmark important websites, such as MyU and your bank, rather than searching for them.
- Follow best practices for traveling internationally with technology.
- Choose to receive your W-2 form exclusively online. W-2 forms can be stolen from the mail and used to commit income tax fraud. To consent to online W-2 forms, go to the My Pay tab in MyU. Then choose “W-2/W-2C Consent.”
Types of Scams
Unemployment Insurance Fraud
How This Scam Shows Up
You may receive or see:
- Communications about unemployment insurance forms when you have not applied for unemployment benefits
- Unauthorized transactions on your bank or credit card statements related to unemployment benefits
- Unexplained fees involved in filing or qualifying for unemployment insurance
What to Do
Report the fraudulent activity to the University Information Security (UIS) at [email protected] and Employee and Labor Relations team at [email protected] as soon as possible. Then go to the State of Minnesota Unemployment Office site to file a report and see the “What to Do If You Think Your Information Has Been Compromised” section below.
Direct Deposit Fraud
How This Scam Shows Up
Most commonly, you receive an email with a link to a fraudulent form that prompts you to provide your username and password and approve a Duo notification. However, scammers can try to get your credentials in many ways, such as with password stealer malware or other phishing tactics (see the “General Phishing, Email, and Web-Based Scams” section below).
When scammers steal credentials, they can use this information to go into your MyU direct deposit set-up and change it to an account to which they have access. If this change is not discovered before a payroll close date, the funds are sent to their account, not yours.
What to Do
If you receive a suspicious email, do not share your password or approve any unexpected Duo pushes or phone calls.
Check your direct deposit setup in MyU under My Pay. If it has been changed, correct the information and change your password. Then, report the incident to UIS at [email protected] and your unit or college HR department as soon as possible. Your HR department will report the issue to Payroll Services, which will investigate and work with you to take the appropriate action. Also, see the “What to Do If You Think Your Information Has Been Compromised” section below if needed.
General Phishing, Email, and Web-Based Scams
How This Scam Shows Up
Phishing and other scams can show up through unexpected emails, text/SMS messages, or scary-looking pop-ups. These scams may seem to come from colleagues at the University or other higher education institutions, or they may be fraudulent web pages that look like MyU or other University login pages. One sign you may have fallen for a scam is getting an unexpected Duo push or phone call.
What to Do
- Do not provide your account credentials via unusual or suspicious login methods, such as over text message or Google form.
- Do not approve any unexpected Duo pushes or phone calls.
- Forward any suspicious messages to UIS at [email protected] as soon as possible. You can also send screenshots of pop-ups or text messages.
- If you may have shared your login credentials or accepted an unexpected Duo push or phone call, change your password immediately. Then, report the incident to UIS at [email protected] as soon as possible.
For more information on navigating these issues, visit the Office of Information Technology’s Recognize and Report Email Scams page.
Income Tax Fraud
How This Scam Shows Up
Income taxes are filed under your name without your knowledge. If this happens to you, the IRS will notify you that your tax return has been rejected.
What to Do
Report the incident to UIS at [email protected]. Also, see the “What to Do If You Think Your Information Has Been Compromised” section below if needed.
For more information on common scams during tax time, check out the Taxpayer Advocate Service’s How to Keep Your Personal and Tax Information Safe post.
Retirement and Financial Consultations
How This Scam Shows Up
Companies claiming or implying that they’re University partners may reach out via phone call, social media, or email to offer financial advisory services. The following companies have reached out to employees but are not official University vendors:
- Benefit Link
- District Retirement Services
- Edify Financial Consulting Group
- Employee Retirement Advisors (ERA)
- Employee Retirement Assistance
- Public Retirement Exit Solutions (Pres Financial)
- Strive Consulting (you may also see "Minnesota Retirement Review" in these materials)
- United Financial Services
What to Do
You can check the Benefits Vendor Contacts page if you receive a benefits-related message and aren’t sure if it came from a University vendor.
If the vendor is not a University vendor, you can ignore the message. Or, if you’re interested in the services, make sure to research the company. Learn more about retirement fraud from the U.S. Securities and Exchange Commission.
Additional Resources
- Learn about general scams and identity theft prevention from Fidelity Investments, the official retirement plan provider to University employees.
- Learn about reverse mortgage scams from LSS Financial Counseling, official financial counseling provider to University employees.