Tax Deadline Extension and Phishing Scams

As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]

Better Protection with Encryption

Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices. Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that […]

PHISHING ALERT: Malicious Email with Voicemail Attachment

The Office of Information Security has received reports of a malicious email stating that users have a new voicemail. This message includes an attachment that appears to be the content of the voicemail message. Upon clicking on the attachment, the recipient is redirected to a fake login page requesting their password. Recipients who enter their […]

PHISHING ALERT: Email Threatening to Reveal Personal Information

The Office of Information Security has identified a phishing threat in which the sender indicates they have compromising information about the recipient, offering as proof a plaintext password that may look familiar to the recipient. These passwords are NOT an indication that the sender has access to any special information about you. They are simply […]

Profile: Betsy Ball, Information Security Architect

Please join us in welcoming Betsy Ball to the Office of Information Security’s team! Betsy comes to us with more than 30 years of IT experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she will serve as an Information Security Architect, working with the […]

Avoiding Exposure to Ransomware

adapted from original post by Trisha Clay, EDUCAUSE Ransomware is scary. Such an attack could make it impossible for you to retrieve documents on your computer. So, how do you protect yourself from ransomware? One of the best ways to protect yourself is to create a good backup of your critical data. These backups should […]

PHISHING ALERT: Malicious Email Attachments

The Office of Information Security has identified a trend in which malicious emails include attachments (e.g. .doc or .xls) that, when opened, instruct users to “Enable Content” to view “active content” that has been disabled. These attachments often contain something with a name referring to something financial in nature like “Transaction,” “Invoice,” “Payment,” or “Payroll”. […]

PHISHING ALERT: COVID-19 Benefit Payment

The Office of Information Security has received reports of phishing on our campuses involving supposed payments related to the COVID-19 pandemic. This specific criminal activity involves telling users that they can obtain a payment (in this case from ‘Google Technology Company’) as part of a “package” that is “earmarked for” people who have been directly […]

PHISHING ALERT: “Outstanding Payment” Excel Attachment

The Office of Information Security has received reports of a phishing attempt targeting members of our institution. This particular phish involves telling the recipient they are owed an “outstanding payment,” then attaching an Excel spreadsheet with malicious software (malware) hidden in macros. The body of the email often provides the recipient with a ‘password’ for […]

Social Engineering and the “Gift-Card Scam”

adapted from original post by Trisha Clay, EDUCAUSE Social engineering begins with research, whereby an attacker reaches out to a target to gain information and resources. When someone you don’t know contacts you and asks you open-ended questions, this may be the first step of a social-engineering attack. After the attacker reaches out to you, […]

UPDATED: Cyber Attackers Exploit Vulnerabilities amid Surge in Remote Work

As we transition to remote work in response to the coronavirus pandemic, cyber attackers seek new opportunities to exploit unsuspecting users. Reports of ransomware attacks, phishing attempts, and scam websites are on the rise around the world, especially targeting those who work at universities and medical institutions. While we take our work to our home […]

COVID-19: UPDATED Criminal Scams Seek to Exploit COVID-19 Fears

Multiple organizations, including the World Health Organization (WHO), have issued warnings that scammers are seeking to use the current outbreak of COVID-19 for personal gain. The Office of Information Security has compiled the following resources and information to assist anyone who fears they may fall victim to one of these scams. It is important to […]

POSTPONED: Shred IT, Secure E-Waste Recycling Event

This event has been postponed. We will do our best to reschedule for a later date. Please stay tuned for updates about this event. The Office of Sustainability and the Office of Information Security will be hosting an e-waste recycling and confidential paper shredding event. All are welcome to bring accepted items to the collection […]

VIDEO: Gil the Phish Drops the Bait

Gil is always coming up with new ways to trick unsuspecting users with his phishy emails. You can avoid becoming a victim of one of Gil’s scams by learning the signs of a phishing email and reporting anything suspicious to phishing@wustl.edu. For more information about how to avoid being a victim of phishing, follow the […]

Photo Gallery: Gil and InfoSec at WUSM Heath Happening Fair

The Office of Information Security hosted a table at the WUSM Health Happening Fair on February 21, 2020. We had a great turn out, distributing mic and camera blockers, phone grips, and valuable information to hundreds of our colleagues at the School of Medicine. Gil the Phish made an appearance at the table, to the […]

Tax Time is Open Season for Phishing Scams

Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in […]

Ask The Experts: Password Management

According to the U.S. Department of Homeland Security (DHS), strong passwords and multi-factor authentication are key to maintaining information security. The strongest passwords are composed of upper- and lower-case letters, special characters, and numbers. Long and unpredictable passwords are ideal, and according to DHS, these passwords should not include any words that “can be found […]

InfoSec Alert: Email Attacks

Increase in Email Attacks The Office of Information Security has received increased reports of phishing attacks with the sole purpose of stealing and using login credentials to access University email accounts. When the attackers gain access to an email account, they can download the contents of the mailbox and/or send out spam in an attempt […]

Phishing Alert: Fraudulent Student Job Offer

The Office of Information Security has received several reports of a phishing attempt using a compromised email account to solicit personal information in response to a fake job offering. This fraudulent email requests that recipients reply with an “alternative email address” and “direct cell phone number” to receive additional information about the position. Recipients who […]

Gil the Phish Tempts with Gifts

Phishers like Gil never take a vacation. Now that the holiday season is drawing to a close, perpetrators of phishing schemes are using new tactics to lure unsuspecting recipients into their nets. One such scam involves enticing the recipient of a phishing attempt with free gifts. You may receive unsolicited but familiar-looking e-mails with offers […]

Revised and Updated Policies 2019

The Washington University Office of Information Security strives to build a sustainable information security program that supports the vital work of education, research, and clinical care while also protecting the security of our systems and users. Information security is important to every member of our community, and we all share personal responsibility for ensuring the […]

External Email Notification Helps Identify Phishes

In the coming weeks, we will introduce a new feature in our email system that will notify users of emails originating from outside of the university. This change is being made to make it easier for everyone at our institution to identify phishing emails. Phishing attacks are on the rise, and often employ multiple methods […]

NCSAM Retrospective

The Office of Information Security recently wrapped up a month of exciting activities and events across Washington University campuses for National Cybersecurity Awareness Month. We are grateful to everyone who took the time to participate in this year’s events, and we are already looking forward to next year’s program. During October 2019, the Office of […]

Gil the Phish and NCSAM Happenings

National Cyber Security Awareness Month (NCSAM) is about halfway over, and we’ve been having a great time spreading the word about digital security across our campus. We kicked off the month with a successful Shred IT event, and on October 14, we participated in Danforth Health Happening. Our presence at Health Happening was hard to […]

NCSAM: Be in the Know About Cybersecurity

National Cybersecurity Awareness Month (NCSAM) is underway! Our month of activities began with the annual Shred IT event on the School of Medicine Campus. On Tuesday, October 1, members of our community brought 1,025 pounds of paper and 4,457 pounds of electronics to the School of Medicine campus to be securely destroyed and recycled. This […]

NCSAM 2019: Own IT. Secure IT. Protect IT.

October is National Cybersecurity Awareness Month (NCSAM), and the Washington University Office of Information Security is joining in the conversation with a slate of events and talks focused on ensuring the security of data on our campus and beyond. In the digital era, we are continuously confronted with challenges to our privacy as well as […]

National Cybersecurity Awareness Month: Shred IT

On Tuesday, October 1st, the Office of Information Security, Office of Sustainability, and Operations & Facilities Management will be hosting an e-waste recycling and confidential paper shredding event. This event is the first in a series of events sponsored by the Information Security Office and our partners in celebration of National Cybersecurity Awareness Month (NCSAM). […]

Phishing for a Physician – A Spreading Concern

Cybercriminals have been diligently working these days to obtain personal information from unsuspecting physicians as they go about the business of practicing medicine. Physicians and other medical staff are prime targets of these attacks due to their compensation and the wealth of information publicly available on them. Cybercriminals work hard to know who you are […]

Securing Your Devices, Physically and Digitally

Securing your laptop or other device both physically and digitally can significantly reduce the risk of the device or the information it contains falling into the wrong hands. Physical security could mean locking the laptop away in a desk when you leave work for the day or using a cable and lock to secure it […]