Device Security for the Entire Family

The holiday season is here! As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent ), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic […]

Top Phishing Threats Last Year: Impersonation and Credential Phishing

The Office of Information Security works diligently to protect our institution from phishing threats. Ultimately, however, our shared security depends on your vigilance. You can protect yourself by avoiding engagement with phishing attempts, and you can help protect all of us by swiftly reporting these threats to our office. When you report a phishing attempt, […]

KringleCon Holiday Hack Challenge 2020

For more than a decade, SANS has offered a free Holiday Hacking Challenge. In 2018, the challenge was dubbed “KringleCon.” WUIT personnel banded together to join the challenge in 2019. Working in their spare time, they ventured deep into the mystery of KringleCon. Alas, they did not make it to the end. This year, the […]

Thank You for Participating in Cybersecurity Awareness Month 2020

The Office of Information Security extends its gratitude to the faculty, staff, and students who participated in the events and activities of Cybersecurity Awareness Month 2020! During the month of October, we hosted a slate of webinars and presentations to help our community stay informed and empowered in the digital era. This year, our program […]

Protect Yourself Online This Holiday Season

The holiday season is upon us! As many of us prepare our homes, pantries, and gift lists for the approaching season, cybercriminals are simultaneously preparing to exploit security vulnerabilities to their advantage. According to the Cybersecurity & Infrastructure Security Agency(CISA), these bad actors target online shoppers by using the following tactics: Creating fraudulent websites, emails, […]

WEBINAR: How to Make the Most Out of a Cybersecurity Career

Our friends at WashU’s Technology and Leadership Center are hosting the following free webinar for people who are interested in exploring careers in cybersecurity. Ethical hackers, analysts and penetration testers have never been more in demand – Nearly half a million cybersecurity professionals are needed nationally, says (ISC)2. If you want to start or shift […]

InfoSec Alert: Cybersecurity Attacks Targeting US Healthcare Systems

During the week of October 26, multiple federal agencies notified Washington University of a credible cybersecurity threat to US health care providers. This threat has impacted several hospitals across the country within the last few days, and intelligence officials suggest several hundred more may be targeted in the near future. Washington University has a dedicated […]

PHISHING ALERT: Malicious Email Indicating New Payroll Approvals Required

The Office of Information Security has identified a phishing threat in which the sender indicates new payroll approvals are required. This is a malicious email attempting to get users to follow a link to a fake login portal. Any user information that is entered in this fake portal will be captured by the criminals as […]

E-Waste Recycling and Light Bulb Swap

E-waste and bulb swap event promotional flyer.

The Office of Sustainability and the Office of Information Security are planning an e-waste recycling and light bulb swap event for Cybersecurity Awareness Month (October 2020). All hard drives collected in this drive will be securely and safely recycled by certified vendors. On the last Thursday of October (10/29) and first Thursday of November (11/5), the Office of […]

Introducing Interim Chief Information Security Officer, Chris Shull

In September, Chris Shull assumed the role of Interim Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to us from Huron Consulting Group, which is working on several other projects at WashU. Kevin Hardcastle has stepped back from the CISO role, and is working diligently with Chris to advance the […]

Welcome to Cybersecurity Awareness Month from CISO Kevin Hardcastle

Dear WashU community, Cybersecurity Awareness Month has arrived! Cybersecurity Awareness Month was launched in October 2004 by the National Cybersecurity Alliance and the U.S. Department of Homeland Security as a joint effort to raise awareness of cybersecurity issues and help people stay safe online.  Now in its 17th year, Cybersecurity Awareness Month is observed around […]

WEBINAR: Topics in Security with Brian Allen

Information Security Manager Brian Allen will deliver a presentation on some of the most important topics in information security today. Brian will discuss the latest incidents and vulnerabilities detected on the WashU network during the last year and look at some new tools we have available to detect and remediate threats. We will be releasing […]

Revised and Updated Policies 2020

The Washington University Office of Information Security maintains a sustainable information security program supporting the vital work of education, research, and clinical care while also protecting our systems and users’ security. We can only achieve strong information security for all if we each take personal responsibility for ensuring our systems’ security. We continuously improve our […]

October is Cybersecurity Awareness Month

Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The overarching theme for the month is, “Do Your Part, #BeCyberSmart.” The Office of Information Security is proud to be a Cybersecurity Awareness Month Champion, supporting online safety throughout the year. We’re here […]

Information Security Manager Brian Allen to Speak at Virtual Zeek Week 2020

Information Security Manager Brian Allen will deliver a presentation entitled “Zeek, and Splunk, and Alertus, oh My” during Virtual Zeek Week 2020. This is a single session of a larger event that includes many opportunities to learn about technical aspects of the work being done by information security professionals. Details for registering for Virtual Zeek […]

Meet Joe Susai, WUSM Chief Information Security Officer

The Office of Information Security will host a webinar featuring one of our newest IT leaders on the School of Medicine campus, Joe Susai, WUSM chief information security officer (CISO). Susai will share remarks about his new role at the medical school and how he will work with WashU CISO, Kevin Hardcastle, to provide strong […]

Cybersecurity Awareness Month Is Right Around the Corner

October is Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched as National Cybersecurity Awareness Month in October 2004 as a joint effort between the National Cyber Security Alliance and the U.S. Department of Homeland Security. The objective of National Cybersecurity Awareness Month was to raise awareness of the importance of cybersecurity and offer resources to […]

PHISHING ALERT: Malicious Email Indicating Password Expiration

The Office of Information Security has received reports of malicious emails indicating that users need to follow a link to change their passwords. This email is a fraudulent message attempting to obtain personal information from unsuspecting victims. The criminals behind this effort are hoping to trick users into following a link in that email, then […]

Working Safely and Securely in a Remote Environment

Original post by Zarmeena Waseem for EDUCAUSE Here are some helpful tips and effective practices for working safely and securely in a remote environment, whether it’s a temporary situation or a permanent transition. Use a VPN Make use of the corporate VPN at your university for an extra layer of security any time you find […]

National Cybersecurity Awareness Month (NCSAM) is Coming!

WashU InfoSec is honored to be among institutions named NCSAM Champions. We champion the cause of information security in our community by offering information, resources, and events throughout the year with special offerings during NCSAM every October. Stay tuned for our schedule of October events to help you #BeCyberSmart. To see a complete list of […]

Find Useful Resources on the InfoSec Website

The Office of Information Security strives to provide a comprehensive set of tools, services, and information to empower members of our community to protect themselves and their data. These priorities are evident in our stated mission, “to build a sustainable information security program that balances the need to protect with the need to support the […]

Protect Yourself from Social Engineering

The Office of Information Security continuously works to protect our community from a wide variety of phishing activity and other security threats. Currently, the majority of the phishing threats we see involve some form of social engineering. What is social engineering? Social engineering attempts to manipulate people by exploiting psychology and emotions such as fear, […]

PHISHING ALERT: Tech Support Scams (Vishing)

The Office of Information Security has observed a recent uptick in ‘tech support scams’ that attempt to trick unsuspecting victims into calling a fake customer-support number to discuss alleged problems with their devices or services. How do customer service scams work? These scams often closely mimic actual support pages and contact information to fool unsuspecting […]

UPDATED: Security Threats Targeting COVID-19 Researchers

Law enforcement and government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have issued warnings about criminal activity targeting COVID research. Below, you will find links to relevant guidance and announcements about this threat. FBI director says China seeks to compromise U.S. firms researching coronavirus – WaPo […]

Tax Deadline Extension and Phishing Scams

As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]

Better Protection with Encryption

Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices. Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that […]

INFOGRAPHIC: 22 Social Engineering Red Flags

Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust in order to convince the unsuspecting victim […]

INFOGRAPHIC: 20 Ways to Stop Mobile Attacks

Mobile devices have become an ever-present component of the way we interact with our peers and colleagues. We have desktops and laptops to do the heavy lifting, but the vast majority of us are using some sort of mobile device to access our work during times when we don’t have access to our computers. With […]

PHISHING ALERT: Malicious Email with Voicemail Attachment

The Office of Information Security has received reports of a malicious email stating that users have a new voicemail. This message includes an attachment that appears to be the content of the voicemail message. Upon clicking on the attachment, the recipient is redirected to a fake login page requesting their password. Recipients who enter their […]

PHISHING ALERT: Email Threatening to Reveal Personal Information

The Office of Information Security has identified a phishing threat in which the sender indicates they have compromising information about the recipient, offering as proof a plaintext password that may look familiar to the recipient. These passwords are NOT an indication that the sender has access to any special information about you. They are simply […]

Profile: Betsy Ball, Information Security Architect

Please join us in welcoming Betsy Ball to the Office of Information Security’s team! Betsy comes to us with more than 30 years of IT experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she will serve as an Information Security Architect, working with the […]

Avoiding Exposure to Ransomware

adapted from original post by Trisha Clay, EDUCAUSE Ransomware is scary. Such an attack could make it impossible for you to retrieve documents on your computer. So, how do you protect yourself from ransomware? One of the best ways to protect yourself is to create a good backup of your critical data. These backups should […]

PHISHING ALERT: Malicious Email Attachments

The Office of Information Security has identified a trend in which malicious emails include attachments (e.g. .doc or .xls) that, when opened, instruct users to “Enable Content” to view “active content” that has been disabled. These attachments often contain something with a name referring to something financial in nature like “Transaction,” “Invoice,” “Payment,” or “Payroll”. […]

PHISHING ALERT: COVID-19 Benefit Payment

The Office of Information Security has received reports of phishing on our campuses involving supposed payments related to the COVID-19 pandemic. This specific criminal activity involves telling users that they can obtain a payment (in this case from ‘Google Technology Company’) as part of a “package” that is “earmarked for” people who have been directly […]

PHISHING ALERT: “Outstanding Payment” Excel Attachment

The Office of Information Security has received reports of a phishing attempt targeting members of our institution. This particular phish involves telling the recipient they are owed an “outstanding payment,” then attaching an Excel spreadsheet with malicious software (malware) hidden in macros. The body of the email often provides the recipient with a ‘password’ for […]

Social Engineering and the “Gift-Card Scam”

adapted from original post by Trisha Clay, EDUCAUSE Social engineering begins with research, whereby an attacker reaches out to a target to gain information and resources. When someone you don’t know contacts you and asks you open-ended questions, this may be the first step of a social-engineering attack. After the attacker reaches out to you, […]

UPDATED: Cyber Attackers Exploit Vulnerabilities amid Surge in Remote Work

As we transition to remote work in response to the coronavirus pandemic, cyber attackers seek new opportunities to exploit unsuspecting users. Reports of ransomware attacks, phishing attempts, and scam websites are on the rise around the world, especially targeting those who work at universities and medical institutions. While we take our work to our home […]

COVID-19: UPDATED Criminal Scams Seek to Exploit COVID-19 Fears

Multiple organizations, including the World Health Organization (WHO), have issued warnings that scammers are seeking to use the current outbreak of COVID-19 for personal gain. The Office of Information Security has compiled the following resources and information to assist anyone who fears they may fall victim to one of these scams. It is important to […]

POSTPONED: Shred IT, Secure E-Waste Recycling Event

This event has been postponed. We will do our best to reschedule for a later date. Please stay tuned for updates about this event. The Office of Sustainability and the Office of Information Security will be hosting an e-waste recycling and confidential paper shredding event. All are welcome to bring accepted items to the collection […]

VIDEO: Gil the Phish Drops the Bait

Gil is always coming up with new ways to trick unsuspecting users with his phishy emails. You can avoid becoming a victim of one of Gil’s scams by learning the signs of a phishing email and reporting anything suspicious to phishing@wustl.edu. For more information about how to avoid being a victim of phishing, follow the […]

Photo Gallery: Gil and InfoSec at WUSM Heath Happening Fair

The Office of Information Security hosted a table at the WUSM Health Happening Fair on February 21, 2020. We had a great turn out, distributing mic and camera blockers, phone grips, and valuable information to hundreds of our colleagues at the School of Medicine. Gil the Phish made an appearance at the table, to the […]

Tax Time is Open Season for Phishing Scams

Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in […]

Ask The Experts: Password Management

According to the U.S. Department of Homeland Security (DHS), strong passwords and multi-factor authentication are key to maintaining information security. The strongest passwords are composed of upper- and lower-case letters, special characters, and numbers. Long and unpredictable passwords are ideal, and according to DHS, these passwords should not include any words that “can be found […]

InfoSec Alert: Email Attacks

Increase in Email Attacks The Office of Information Security has received increased reports of phishing attacks with the sole purpose of stealing and using login credentials to access University email accounts. When the attackers gain access to an email account, they can download the contents of the mailbox and/or send out spam in an attempt […]

Phishing Alert: Fraudulent Student Job Offer

The Office of Information Security has received several reports of a phishing attempt using a compromised email account to solicit personal information in response to a fake job offering. This fraudulent email requests that recipients reply with an “alternative email address” and “direct cell phone number” to receive additional information about the position. Recipients who […]

Gil the Phish Tempts with Gifts

Phishers like Gil never take a vacation. Now that the holiday season is drawing to a close, perpetrators of phishing schemes are using new tactics to lure unsuspecting recipients into their nets. One such scam involves enticing the recipient of a phishing attempt with free gifts. You may receive unsolicited but familiar-looking e-mails with offers […]

Revised and Updated Policies 2019

The Washington University Office of Information Security strives to build a sustainable information security program that supports the vital work of education, research, and clinical care while also protecting the security of our systems and users. Information security is important to every member of our community, and we all share personal responsibility for ensuring the […]