Alerts

The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are:  According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses.  Click with caution Don’t click any suspicious links […]

Many feel compelled to give in times of crisis. Charitable donations play a crucial role in providing aid after natural disasters and humanitarian emergencies. However, scammers often take advantage of this generosity, preying on good intentions. The WashU community can protect our contributions by recognizing legitimate charities and spotting the characteristics of scams.     Above is […]

The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment.  If you see a message like the one below, please […]

Use of Adobe’s AI Assistant with any WashU Confidential or Protected Information, including both Personally Identifiable Information (PII) and Protected Health Information (PHI), is not permitted. Due to data retention and use policies of the Adobe AI feature, WashU IT will begin disabling its use on our systems starting next week. The impacted applications are […]

With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment.    If you see a message like the one below, please do […]

Use of Adobe’s AI Assistant with HIPAA Protected Health Information (PHI) is not permitted at WashU. While Adobe’s information security and intellectual property protections are compatible with other uses, federal law requires a Business Associates Agreement (BAA) before HIPAA PHI may be shared with a third party. Non-AI Assistant use of Adobe desktop products keeps […]

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment.   If you see a message like the one below, please do […]

The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]

Microsoft has released some Windows 11 PCs with a new feature called ‘Recall,’ which has privacy and security issues. ‘Recall,’ if enabled, takes screenshots of all activity in Windows 11 and then places that information in local storage for future access. No action is needed at this time – ‘Recall’ is off by default and […]

Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]

Members of the WashU community are receiving fraudulent phone calls from criminals asking them to enter a three-digit code into the Duo app. What you should do The only time you should type in the three-digit code into Duo is if you are logging in for yourself. Do not enter a code given to you […]

Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads.   If you see a message like the one below, please […]

According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information.  In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment.  If you see a message like the one below, […]

The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]

If You Sent Money to a Scammer  Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]

The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]

How this Scam Works Members of the WashU community are receiving fraudulent emails that ask them to divulge their WUSTL Key and credentials in a Google Form. If someone clicks the malicious link in the email, they will be led to a Google Form asking for their WUSTL Key and credentials. Here are some examples […]