Filter by:
Scam of the Month: Voter Registration Scams
With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]
Scam of the Month: Remote/Part-Time Intern for a Virtual Assistant
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
InfoSec Alert: PHI not allowed in Adobe AI Assistant
Use of Adobe’s AI Assistant with HIPAA Protected Health Information (PHI) is not permitted at WashU. While Adobe’s information security and intellectual property protections are compatible with other uses, federal law requires a Business Associates Agreement (BAA) before HIPAA PHI may be shared with a third party. Non-AI Assistant use of Adobe desktop products keeps […]
Scam of the Month: Washington University – internship and management Programs – PAID
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
Scam of the Month: Direct deposit bank account changed
The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]
InfoSec Alert: Microsoft ‘Recall’ Feature
Microsoft has released some Windows 11 PCs with a new feature called ‘Recall,’ which has privacy and security issues. ‘Recall,’ if enabled, takes screenshots of all activity in Windows 11 and then places that information in local storage for future access. No action is needed at this time – ‘Recall’ is off by default and […]
Scam of the Month: Duo Verification Code Text Phishing
Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]
Phishing Alert: Verified Duo Push Scam
Members of the WashU community are receiving fraudulent phone calls from criminals asking them to enter a three-digit code into the Duo app. What you should do The only time you should type in the three-digit code into Duo is if you are logging in for yourself. Do not enter a code given to you […]
Scam of the Month: Outstanding Toll Amount
Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads. If you see a message like the one below, please […]
Scam of the Month: DEA Impersonation Phone Call
According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information. In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]
Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment. If you see a message like the one below, […]
Scam of the Month: COVID-19 Variant Poses Risks in our University
The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]
Scam of the Month: Charity Scam
If You Sent Money to a Scammer Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]
Scam of the Month: Process has begun by our administrator
The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]
Phishing Alert: Protect Your Account’s Financial Information from Credential Phishing via Google Form
How this Scam Works Members of the WashU community are receiving fraudulent emails that ask them to divulge their WUSTL Key and credentials in a Google Form. If someone clicks the malicious link in the email, they will be led to a Google Form asking for their WUSTL Key and credentials. Here are some examples […]
October 20: Microsoft applications may require users to reauthenticate
Mark your calendar Microsoft applications may require users to reauthenticate On the evening of October 20, WashU IT will enhance the university’s cloud-based Microsoft services. As a result, users may see authentication (login) prompts on Microsoft applications such as Teams, Outlook, Office, and OneDrive on their devices. These prompts are expected. Completing the WUSTL Key […]
Scam of the Month: Document Shared with You
The Office of Information Security has identified a trend in which criminals send members of our community a Google Document containing a malicious link, in hopes that a victim may give up their credentials. In this more elaborate scam, hackers posed as Adis Avila, who is not an individual who works at our university, sending […]
Phishing Alert: Credential Phishing via QR Code
How this Scam Works Members of the WashU community are being targeted by criminals using malicious QR codes to steal valuable and personal information. The QR codes targeting WashU credentials lead an unsuspecting victim to a fake WUSTL Key login page. If the victim enters any information on the malicious login page, they will unknowingly […]
Phishing Alert: Credential Phishing via Google Form
How this Scam Works Members of the WashU community are receiving fraudulent shared document emails that ask them to divulge their WUSTL Key and credentials in a Google Form. Victims receive a fraudulent email about a shared document from an email address outside of WashU: When a victim clicks the link in the email, they […]
Scam of the Month: Geek Squad Customer Service
The Office of Information Security observes a trend in which criminals send a fraudulent order confirmation claiming the recipient will be charged almost $500. The criminals hope victims will call a phone number to refute the “purchase” and disclose their banking information. If you see a message like the one below, please do not interact […]