Links Removed from Payroll, Finance Email Notices for Improved Security - 01/22/09

Security concerns and the potential for identity theft mean Purdue employees will no longer be able to click a link in payroll notification emails and go directly to their salary statements.

Instead, the payroll notifications will include directions to the OnePurdue portal, where employees can log in securely with their Career Account user name and password, then choose to view their salary statements. The change will take place with the next payroll notification.

Beginning next month, faculty and staff who receive an email notification that monthly financial reports are available will no longer receive a link that leads directly to their reports.

Removing links from email messages should improve information security for the campus community. James Almond, interim executive vice president of business and finance and treasurer, and Gerry McCartney, vice president of Information Technology and CIO, are urging staff to stop sending any email with hyperlinks to potentially sensitive data.

Jeff Whitten, associate vice president of IT Enterprise Applications, said this change is needed to protect Purdue employees from “phishing” scams in which computer hackers send counterfeit email with dangerous links.

“Ostensibly, hackers could get hold of one of the University’s payroll notifications and mimic it with a bogus email,” Whitten said. “It could include a link to a phony log-in screen that could capture the recipient’s Career Account and password and allow the hacker access to all sorts of personal and sensitive information.”

Access to the OnePurdue portal is available on several University Web sites, including the University home page, where “OnePurdue Portal” is listed below the “Access Purdue” header on the lower right side. Users also can create a shortcut to the portal by bookmarking the site as a “Favorite” in their Web browser.

For more information about the elimination of links from email messages, contact the University’s Information Technology Networks and Security Chief Scott Ksander at 496-8289 or send him an email at Details about the dangers of email links are also available through the SecurePurdue Web site.