Alerts Newsletter

Scam of the Month: Voter Registration Scams

By
Your vote matters

With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. Here are some ways to protect yourself: 

  1. If a caller offers to register you over the phone, hang up. Throughout the US, you can only register to vote online, by mail, or in person at your local election office.  
  2. If you receive a text or email with a link for voter registration, be wary. Those links may be a ploy to collect your personal data (such as your passwords or Social Security number) or gain access to your device. If you aren’t sure, simply report the email using the Phish Alert Button (PAB) in your Outlook interface. It is always best to be cautious and report anything remotely suspicious. Our team will analyze all submissions and return them to you if they are determined to be safe. 
  3. If someone claims you’re not registered to vote, it’s safest to verify for yourself. You can check, register, and update your registration at vote.gov 

Overwhelmed by the whole process? The WashU Votes page is a great resource for all things related to voting in the upcoming election. You can follow their Instagram @washuvotes to stay up to date on election events and important voter deadlines. 

Don’t forget, if you are a full- or part-time employee, Missouri law ensures that you can take time off to vote! You can read the specifics for WashU employees at Voting Time | Human Resources | Washington University in St. Louis (wustl.edu) 

If you fell victim to a scam like this one, here are some steps you can take to secure your information 

First, determine what information you revealed during the hiring process. If you provided your social security number, debit or credit card information, bank account information, or online login information before being hired, report it to the Federal Trade Commission at IdentityTheft.gov. They will give you advice tailored to your situation.    

If you opened a suspicious file, contact us at infosec@wustl.edu or 314-747-2955   

Avoid this and other scams by following our ten phishing safety tips and related guidance below.  

10 Phishing Safety Tips  

  1. Don’t click. Instead of clicking on any link in a suspicious email, type in the URL or search wustl.edu for the relevant department or page. Even if a website and/or URL in an email looks real, criminals can mask its true destination.   
  2. Be skeptical of urgent requests. Phishing messages often make urgent requests or demands. When you detect a tone of urgency, slow down and verify the authenticity of the sender and the request by using official channels rather than the information provided by the sender.       
  3. Watch out for grammar, punctuation, and spelling mistakes. Phishing messages are often poorly written. Common hallmarks of phishing are incorrect spelling, improper punctuation, and poor grammar. If you receive an email with these problems, it may be a phishing attempt. Double-check the email address of the sender, dont follow any links, and verify the authenticity of the request using official channels.       
  4. Keep your information private. Never give out your passwords, credit card information, Social Security number, or other private information through email.       
  5. Pick up the phone. If you have any reason to think that a department or organization really needs to hear from you, call them to verify any request for personal or sensitive information. Emails that say “urgent!”, use pressure tactics, or prey on fear are especially suspect. Do an online search for a contact phone number or use the contact number published in the WUSTL directory in Workday.       
  6. Use secure websites and pay attention to security prompts. Always check if you are on a secure website before giving out private information. You can determine whether a website is secure by looking for the “https:” rather than just “http:” in the Web address bar or for the small lock icon in the Internet browser. If your browser cannot validate the authenticity of the websites security certificate, you will be prompted. This is frequently a telltale sign of fraud, and it would be a good time to pick up the phone or report a suspicious message.       
  7. Keep track of your data. Regularly log onto your online accounts and make sure that all your transactions are legitimate. 
  8. Reset any account passwords that may have been compromised.       
  9. Know what’s happening. Visit the Office of Information Security Alerts page often.       
  10. Report it. If you are a victim of an email scam, report it to our office by using the Phish Alert Button (PAB). When you report a phishing attack, we will investigate it and, if necessary, remove other instances of the attack from our systems. Reporting the attack will help protect others and our institution.       

Additional Resources 

Phishing | Office of Information Security | Washington University in St. Louis       
Phishing 101 | Office of Information Security | Washington University in St. Louis       

Protect Yourself from Social Engineering 

Protect Yourself from Social Engineering