The Office of Information Security has received several reports of a phishing attempt using a compromised email account to solicit personal information in response to a fake job offering. This fraudulent email requests that recipients reply with an “alternative email address” and “direct cell phone number” to receive additional information about the position. Recipients who respond with the requested information to the original phishing email will be asked for further personal details in subsequent messages. Below, you will find an example of the message.
Recipients of messages like these should forward them directly to phishing@wustl.edu so the Office of Information Security can include them in our investigation.
If you receive an email requesting personal information, it is a good practice to reach out to the sender via phone to confirm that they are the ones requesting the information. Phishing emails often contain spelling and grammatical errors. If you see those in an email, even from a known sender, it is a good idea to reach out by phone to confirm their account has not been compromised.
Thank you for your time and assistance as we work to maintain the integrity of our enterprise systems.
If you have any questions or additional information, please reach out to us directly at infosec@wustl.edu.