Filter by:

Phishing Alert: Credential Phishing Detected on Campus

The Office of Information Security received a reported phishing message claiming to be from Washington University and threatening to terminate user accounts. This malicious email asks the user to cut and paste a URL into their browser. This phishing website prompts for a WUSTLKey username, password, and phone number. Unsuspecting victims who type their credentials […]

October is Cybersecurity Awareness Month

October is Cybersecurity Awareness Month
Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]

Scam of the Month: Fake Password Expiration

Scam of the Month: Fake Password Expiration
The Office of Information Security has observed a trend where criminals send fraudulent password expiration notices in hopes that victims will disclose their WUSTL Key on a fake login page. If you see a message like the one below, please do not interact with any links or follow any special instructions regarding authentication methods. Simply […]

Scam of the Month: Student-Focused Scams

Scam of the Month: Student-Focused Scams
As school begins on campuses nationwide, criminals turn their attention to scams targeting students who are busy preparing for the upcoming semester. Criminals frequently rely on timely topics and strategies to exploit their victims. Below, you will find examples of real scam emails reported to our team within the last month. As we all gear […]

InfoSec Alert: Critical Security Updates for Apple Devices (iOS, macOS)

Apple recently released a critical software update for all iOS (iPhones and iPads) and macOS devices designated iOS 15.6.1 and macOS 12.5.1. With the launch of these updates, Apple took the increasingly common step of alerting users that these updates patch vulnerabilities that criminals may actively exploit. Please update your iOS and macOS devices as […]

Scam of the Month: Fake (Real) Invoice Scam

Scam of the Month: Fake (Real) Invoice Scam
The Office of Information Security has observed a trend where criminals are sending fraudulent invoices to unsuspecting victims in hopes that they will be paid without the recipient noting that they are part of a scam. The tricky part of this particular scam is that the invoices are actually generated by payment handlers like PayPal. […]

Joint IT and InfoSec Project Seeks Better Protections for WashU

Joint IT and InfoSec Project Seeks Better Protections for WashU
A joint Information Technology and Office of Information Security vulnerability management project aims to strengthen and better protect the WashU network from attacks.  The project has two main objectives: Install CrowdStrike on all Wash U servers immediately. Remediate tool-evaluated critical vulnerabilities, guiding department owners through updates, patches, and other steps. About Objective 1 WashU IT […]

Scam of the Month: Urgent Administrative Job Opportunity

Scam of the Month: Urgent Administrative Job Opportunity
This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. If you see a message like the one below, please report it immediately using the Phish Alert Button (PAB) in your Outlook interface. You can find more information about the PAB and alternative […]

SMiShing Scam Seeks to Obtain Gift Cards by Impersonating Chancellor

SMiShing Scam Seeks to Obtain Gift Cards by Impersonating Chancellor
A recent SMiShing scam targeted our institution by impersonating Chancellor Martin and asking recipients for gift cards. You can rest assured that the chancellor (or your supervisor) will not reach out to ask for gift cards. SMiShing is a type of attack that uses the social engineering tactics commonly associated with email phishing via text […]

Website Scavenger Hunt with $250 prize and New Protections in Office 365

Website Scavenger Hunt with $250 prize and New Protections in Office 365
The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]

Scam of the Month: Authenticate Your Account

Scam of the Month: Authenticate Your Account
This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. This one is particularly tricky, but it uses a very common set of steps that criminals deploy to steal account credentials. The user receives the suspicious email, in this case from an ‘@wustl’ […]

Catch a Phish to Protect Yourself and WashU

Catch a Phish to Protect Yourself and WashU
Phishing is the most common tactic cybercriminals use to steal login credentials, data, and intellectual property. Billions of these messages are sent every day, but it’s now easier than ever to protect yourself and WashU by helping the Office of Information Security (OIS) catch the phish and remove it from our system. The Phish Alert […]

Scam of the Month: Important Payroll Message

Scam of the Month: Important Payroll Message
This month, we’re focusing on a particularly tricky scam. This one isn’t tricky because it’s complex on its surface; it actually relies on simplicity and brevity to lure in its victims. This scam mimics an important notification to trick recipients into handing over sensitive login information. It contains many hallmarks of a typical phish, but […]

Scam of the Month: Ukraine Donation Scam

This month, we’re focusing on another scam that preys on your emotions and altruistic intentions. This time, it involves cybercriminals taking advantage of fundraising for Ukraine. In just one week, legitimate fundraising for Ukraine mobilized more than $50 million in cryptocurrency. That kind of success always attracts opportunists who want their cut. This time, they’re […]

Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine

Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine
The threat of state-sponsored cyberattacks increasingly accompanies international relations. Russia has developed and demonstrated its capacity to attack and inflict damage using cyber-warfare tactics. With news of Russia’s invasion of Ukraine, many cybersecurity professionals are recommending increased vigilance during this period of unrest. While much of the responsibility for anticipating and preventing cyberattacks of this […]

InfoSec Alert: Update Google Chrome Immediately to Address Zero-Day Vulnerability

Earlier this week, a member of Google’s threat analysis group discovered a vulnerability in Google Chrome that would allow attackers to execute arbitrary code or corrupt data on impacted machines. Google released a fix for this exploit soon after, and all Chrome users should be sure to update their browsers immediately. Chrome should update each […]

Scam of the Month: COVID Omicron Phishing

Security researchers are warning of an uptick in phishing attacks targeting universities themed around COVID, Omicron, and testing information. These attackers seek to steal valuable information and often have the goal of tricking users into handing over their university (or other) log-in credentials. Below, you will find an example of a phishing message using Omicron […]

Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership

Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership
Members of the WashU community are receiving phishing emails impersonating university leadership, including Chancellor Martin and Dean Perlmutter. These messages request changes to direct deposit information due to suspicious activity.  Phishing scams often impersonate people in leadership positions to encourage a heightened sense of urgency in the recipient. Additionally, information about leaders is publicly available […]

InfoSec Alert: Critical Security Updates for Apple Devices

Apple recently released a critical software update for all Apple devices designated iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. Apple issued these emergency updates in response to reports that “zero-click” spyware has been discovered on their devices.  Users can update their own devices using the following steps (please note that download times may […]