The Office of Information Security has observed a trend in which criminals create fake CAPTCHA pages to trick users into copying malicious code into their computer. To protect yourself, do not paste material into your computer. When a victim clicks the ‘I’m not a robot’ box, verification steps are presented. Completing these steps triggers a […]
Tax Day is April 15, and internet scammers will capitalize on the moment. The Internal Revenue Service initiates most contact through regular mail delivered by the United States Postal Service. To verify the IRS sent the letter, you can search for it on IRS.gov. Sometimes, they will call or visit, but other than that, the Internal Revenue Service […]
What if you are still running Windows XP or 7 on some of your computers? Extended support for Windows 7 ended on January 14, 2020, over 10 years after the release of Windows 7. Now the operating system no longer receives security updates. Some versions of Windows 10 and 11 are already unsupported. Devices with an […]
In October 2024, the Wall Street Journal reported a large cyberattack against U.S. telecommunications companies. The FBI, NSA, and the Cybersecurity and Infrastructure Security Agency released new guidelines for protecting communications infrastructure in the United States. Despite the government’s efforts, the Chinese hackers continue their hacking of US telecom networks. If the most valuable items on your […]
The Office of Information Security has observed a trend in which criminals impersonate Dean David Perlmutter over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]
Did you know that all hard drives and any permanent storage must contain disk encryption if they stored PHI in the past, present or future? Why is this important? Sensitive and/or regulated data on encrypted drives in a computer that is lost, stolen, or improperly disposed of cannot be viewed without a special “key” only available […]
According to the Duane Morris Class Action Review 2025, class action lawsuits “broke the $40 billion mark for the third year in a row.” Large companies like Apple, Meta, and Disney each found themselves paying millions in settlements. Whether the payments are big or small, how should you react to a settlement notice? The notices […]
The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are: According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses. Click with caution Don’t click any suspicious links […]
Provide consent to receive electronic delivery of your tax documents by December 31, 2024. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and refer to […]
Cybersecurity Awareness Month 2024 is coming to a close. This year, we hosted two webinars, promoted key behaviors to encourage every employee to take control of their online lives, and published weekly newsletters full of content authored by the Office of Information Security. Below, you will find a recap of some of the key events […]
The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please […]
With the highly technical appearance of information security, entering the field may seem daunting. What does it actually take to work in information security? In this series, we’ll cover WashU’s information security professionals and how they got to where they are now. Let me introduce you to my boss, Quint Smith. What is your current […]
Watch this on-demand webinar (1:06:11) where Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, spotlights how criminals weaponize artificial intelligence.
Device security is essential for protecting your privacy and data. Top-notch device security involves tweaking built-in features. Protect your devices and data using the strategies in the how-to guides below.
Artificial intelligence art generators are trained on billions of existing images. When you enter a prompt, the AI art generator builds an image by combining aspects of its training data into a single image. Meanwhile, deepfakes are trained on photographs and videos of one subject to replicate that subject. Deepfake technology can depict a person […]
QR codes (quick-response codes) were originally designed to label automobile parts, but today, we can find them in advertisements, restaurants, museums, mobile ticketing, and many other areas. Since both Androids and iPhones can scan QR codes in the camera app, QR codes provide faster access to a website than manually typing a URL. While convenient, the […]
Scammers can create fake login screens that are strikingly similar to legitimate ones. One of the login screens pictured above is our true WUSTL login screen, and the other is an imitation. Can you spot all of the differences? To make this more challenging, we’ve cropped out the URL from each login screenshot. Seeing the […]
Multifactor authentication provides another layer of security for online accounts. The first “factor” for an account is usually a password, and any additional authentication step makes it harder for a hacker to access your account. Common multifactor authentication offerings are codes sent via text or email, dedicated authenticator apps like Duo, and fingerprint or facial […]
Using strong passwords with the help of a password manager is one of the easiest ways to protect your accounts and keep our information safe. Let a password manager do the work A password manager creates, stores, and fills passwords for us automatically. This way, we only have to remember one strong password—for the password […]
The onboarding process creates a unique set of security risks. As new employees, we’re often eager to make a good impression, but we have little institutional knowledge. These factors make new employees valuable targets for hackers. Due to unfamiliarity with WashU’s processes and security protocols, a new employee might not know how to recognize an email […]
Google’s Jigsaw unit published a quiz that tests the taker’s ability to identify phishing emails. The quiz tests you on eight emails to see if you can distinguish between legitimate emails and phishing scams. Many of the examples come from real events, such as the massive phishing attempt that hit Google Doc users in 2017 and an email that Russian […]
Phishing is an illegal tactic where criminals send fraudulent emails to trick victims into sharing their personal information or compromise their system. The good news is at WashU we can use the Phish Alert Button whenever we’re unsure about an email’s authenticity. Step 1: Recognize the common signs Step 2: When in doubt, report it! […]
With many kinds of cybercrime come many different ways to report it. Most of us will encounter cybercrime, so here are resources on where to report it. Hacked Account Report your hacked account to theplatform’s support team. Below are reporting guides for popular platforms: WUSTL Key, Facebook, Google, Instagram, PayPal, Snap, TikTok, YouTube Ransomware If […]
Giving children uninhibited access to the internet can put your child, computer, and personal data at risk. With some precautions, you can set your children up to become upstanding digital citizens who will lead the future. Parental Controls Most devices these days have parental controls that allow parents to restrict access to certain content for […]
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. The Office of Information Security is proud to champion this online safety and education initiative this October. All month long, we are promoting these key behaviors to encourage you, our WashU community, […]
With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]
National Public Data, a background check company, confirmed in August that it suffered a data breach leaking names, email addresses, phone numbers, social security numbers, and mailing addresses. Fortunately, there are many free and accessible steps you can take to defend against identity theft: Indicators of Identity Theft What to do if your information is […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
Use of Adobe’s AI Assistant with HIPAA Protected Health Information (PHI) is not permitted at WashU. While Adobe’s information security and intellectual property protections are compatible with other uses, federal law requires a Business Associates Agreement (BAA) before HIPAA PHI may be shared with a third party. Non-AI Assistant use of Adobe desktop products keeps […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]
Microsoft has released some Windows 11 PCs with a new feature called ‘Recall,’ which has privacy and security issues. ‘Recall,’ if enabled, takes screenshots of all activity in Windows 11 and then places that information in local storage for future access. No action is needed at this time – ‘Recall’ is off by default and […]
Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]
Members of the WashU community are receiving fraudulent phone calls from criminals asking them to enter a three-digit code into the Duo app. What you should do The only time you should type in the three-digit code into Duo is if you are logging in for yourself. Do not enter a code given to you […]
Are you tired of trying to create and remember every password? Are you worried that you might lose your password? Do you feel overwhelmed by the number of password managers to choose from? If so, there is good news on the horizon. The FIDO Alliance created a passwordless sign-in system that addresses these problems, and […]
Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads. If you see a message like the one below, please […]
Summer break is right around the corner, and many in the WashU community will be traveling or looking for a summer job. Unfortunately, the devices we rely on for managing travel have also become targets for theft and cybercrime. Whether you are searching for a job or taking a trip, please protect yourself and the […]
According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information. In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]
Back in his federal law enforcement days, WUSM’s Assistant Director of Investigations and Crime Prevention, Steve Manley, came upon an advance fee scam. An informant who operated a corner store in East St. Louis called him one afternoon. He told Manley a customer was sending large sums of money to Nigeria via Western Union. The caller […]
WashU IT, Information Security, and WUSM ITSS are introducing a new registration process for devices connecting to the wired network. This change will further protect patient, student, research, and academic data from bad actors. We will begin implementing this change in early 2024. It will be rolled out in a measured pace to minimize impact […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment. If you see a message like the one below, […]
Spring Break is right around the corner, and many in the WashU community will be traveling for conferences, studying away, researching elsewhere, visiting family, or just going somewhere relaxing. No matter where you go, your smartphone will undoubtedly be at your side. These handy devices have become our constant companions for just about anything you […]
Tax season officially begins on January 29, and internet scammers will capitalize on the moment. The Internal Revenue Service initiates most contact through regular mail delivered by the United States Postal Service. Sometimes, they will call or visit, but other than that, “The IRS doesn’t initiate contact with taxpayers by email, text messages or social […]
![From: Wustl Health Care Center Subject: Emergency Notice: COVID-19 Variant Poses Risks in our University I trust this message finds you in good health. I am writing to share critical information that impacts the health and safety of our academic community. Regrettably, we have recently received confirmation of a positive COVID-19 variant test result for a member of our university staff. Despite a significant portion of our staff and faculty being vaccinated, it is crucial to acknowledge that certain variants may pose challenges even to those who have received the vaccine. As a precautionary measure, we are actively initiating contact tracing to identify and mitigate potential risks. To assist us in determining whether you have been in close proximity to the affected staff member, we have established a dedicated webpage for your convenience. Please click the following link: [Access Detailed Staff Information] to review specific details about the individual in question. Prompt reporting of any interactions or contact is crucial, as it greatly contributes to the overall safety and security of our community. We understand that this news may be concerning, but please rest assured that our medical team is available to address any questions and provide guidance. You can contact them at [Healthcare@wustl.edu], and they will offer the necessary assistance. Our commitment to your well-being and the creation of a secure working environment remains steadfast. We kindly ask for your cooperation in this matter, as it is vital for our collective efforts to contain the virus and uphold the safety of our community. Confidentiality Notice: This email and its attachments are confidential and intended solely for the recipient. In line with privacy guidelines, we kindly request that you refrain from sharing or forwarding this message. PLEASE AVOID SHARING THIS EMAIL WITH ANYONE. We sincerely appreciate your dedication to our university community, and together, we will navigate through this challenge and emerge stronger. Best regards, Washington University in St. Louis Health Care Center Contact: (616) 526-7052](https://informationsecurity.wustl.edu/files/2024/01/scam_covid-ae533c8153fb28b6-350x130.png)
The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]
The DUO Two-Factor Authentication upgrade was deployed on November 20, 2023, to enhance and secure WashU systems and applications access. A smartphone or tablet with the Duo Mobile app installed is required to use this new and preferred verified push method of multi-factor authentication. There are circumstances where you might not be able to download […]
Digital Guardian, the data loss prevention software, has been updated to detect and alert when sensitive information, such as Protected Health Information (PHI) or Personally Identifiable Information (PII), is shared to public websites, including Artificial Intelligence sites such as ChatGPT. We are tuning Digital Guardian to reduce the number of false alerts and enhance our […]
To simplify the critical messages you receive about information security at the university, the Office of Information Security is retiring the Secure WUSM Infosec bulletin. Instead, the content will now be published in this newsletter. That means there will be fewer university-wide emails! Additionally, we are folding Secure WUSM itself into the organization-wide CyBear Secure […]
With Black Friday and Cyber Monday behind us, it can be tempting to impulse buy any remaining discounted items. Before getting caught up in a “while supplies last” frenzy, remember that scammers capitalize on hasty decisions involving payment information. According to the Internet Crime Complaint Center’s (IC3) 2022 report, non-payment and non-delivery scams cost people more […]