The Office of Information Security has observed a trend in which criminals impersonate Dean David Perlmutter over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]
According to the Duane Morris Class Action Review 2025, class action lawsuits “broke the $40 billion mark for the third year in a row.” Large companies like Apple, Meta, and Disney each found themselves paying millions in settlements. Whether the payments are big or small, how should you react to a settlement notice? The notices […]
The Federal Bureau of Investigation warns the public about scams during the holidays. The big four scams of the season are: According to the Internet Crime Complaint Center’s (IC3) 2023 report, non-payment and non-delivery scams cost people over $281 million that year. Credit card fraud accounted for another $264 million in losses. Click with caution Don’t click any suspicious links […]
Many feel compelled to give in times of crisis. Charitable donations play a crucial role in providing aid after natural disasters and humanitarian emergencies. However, scammers often take advantage of this generosity, preying on good intentions. The WashU community can protect our contributions by recognizing legitimate charities and spotting the characteristics of scams. Above is […]
The Office of Information Security has observed a trend in which criminals advertise a job using a student’s email address from Clark Atlanta University. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please […]
Use of Adobe’s AI Assistant with any WashU Confidential or Protected Information, including both Personally Identifiable Information (PII) and Protected Health Information (PHI), is not permitted. Due to data retention and use policies of the Adobe AI feature, WashU IT will begin disabling its use on our systems starting next week. The impacted applications are […]
With the approach of Missouri’s last day to register to vote before the November election, October 9, expect scammers to take advantage of the situation. We Americans are accustomed to election advertisements and voter registration campaigns, so when a scammer reaches out under the pretense of campaigning, it can be hard to spot the ruse. […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
Use of Adobe’s AI Assistant with HIPAA Protected Health Information (PHI) is not permitted at WashU. While Adobe’s information security and intellectual property protections are compatible with other uses, federal law requires a Business Associates Agreement (BAA) before HIPAA PHI may be shared with a third party. Non-AI Assistant use of Adobe desktop products keeps […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing if offered employment. If you see a message like the one below, please do […]
The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]
Microsoft has released some Windows 11 PCs with a new feature called ‘Recall,’ which has privacy and security issues. ‘Recall,’ if enabled, takes screenshots of all activity in Windows 11 and then places that information in local storage for future access. No action is needed at this time – ‘Recall’ is off by default and […]
Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]
Members of the WashU community are receiving fraudulent phone calls from criminals asking them to enter a three-digit code into the Duo app. What you should do The only time you should type in the three-digit code into Duo is if you are logging in for yourself. Do not enter a code given to you […]
Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads. If you see a message like the one below, please […]
According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information. In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment. If you see a message like the one below, […]
![From: Wustl Health Care Center Subject: Emergency Notice: COVID-19 Variant Poses Risks in our University I trust this message finds you in good health. I am writing to share critical information that impacts the health and safety of our academic community. Regrettably, we have recently received confirmation of a positive COVID-19 variant test result for a member of our university staff. Despite a significant portion of our staff and faculty being vaccinated, it is crucial to acknowledge that certain variants may pose challenges even to those who have received the vaccine. As a precautionary measure, we are actively initiating contact tracing to identify and mitigate potential risks. To assist us in determining whether you have been in close proximity to the affected staff member, we have established a dedicated webpage for your convenience. Please click the following link: [Access Detailed Staff Information] to review specific details about the individual in question. Prompt reporting of any interactions or contact is crucial, as it greatly contributes to the overall safety and security of our community. We understand that this news may be concerning, but please rest assured that our medical team is available to address any questions and provide guidance. You can contact them at [Healthcare@wustl.edu], and they will offer the necessary assistance. Our commitment to your well-being and the creation of a secure working environment remains steadfast. We kindly ask for your cooperation in this matter, as it is vital for our collective efforts to contain the virus and uphold the safety of our community. Confidentiality Notice: This email and its attachments are confidential and intended solely for the recipient. In line with privacy guidelines, we kindly request that you refrain from sharing or forwarding this message. PLEASE AVOID SHARING THIS EMAIL WITH ANYONE. We sincerely appreciate your dedication to our university community, and together, we will navigate through this challenge and emerge stronger. Best regards, Washington University in St. Louis Health Care Center Contact: (616) 526-7052](https://informationsecurity.wustl.edu/files/2024/01/scam_covid-ae533c8153fb28b6-350x130.png)
The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]
If You Sent Money to a Scammer Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]
The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]
How this Scam Works Members of the WashU community are receiving fraudulent emails that ask them to divulge their WUSTL Key and credentials in a Google Form. If someone clicks the malicious link in the email, they will be led to a Google Form asking for their WUSTL Key and credentials. Here are some examples […]
Mark your calendar Microsoft applications may require users to reauthenticate On the evening of October 20, WashU IT will enhance the university’s cloud-based Microsoft services. As a result, users may see authentication (login) prompts on Microsoft applications such as Teams, Outlook, Office, and OneDrive on their devices. These prompts are expected. Completing the WUSTL Key […]
The Office of Information Security has identified a trend in which criminals send members of our community a Google Document containing a malicious link, in hopes that a victim may give up their credentials. In this more elaborate scam, hackers posed as Adis Avila, who is not an individual who works at our university, sending […]
How this Scam Works Members of the WashU community are being targeted by criminals using malicious QR codes to steal valuable and personal information. The QR codes targeting WashU credentials lead an unsuspecting victim to a fake WUSTL Key login page. If the victim enters any information on the malicious login page, they will unknowingly […]
How this Scam Works Members of the WashU community are receiving fraudulent shared document emails that ask them to divulge their WUSTL Key and credentials in a Google Form. Victims receive a fraudulent email about a shared document from an email address outside of WashU: When a victim clicks the link in the email, they […]
The Office of Information Security observes a trend in which criminals send a fraudulent order confirmation claiming the recipient will be charged almost $500. The criminals hope victims will call a phone number to refute the “purchase” and disclose their banking information. If you see a message like the one below, please do not interact […]
The Office of Information Security observes a trend in which criminals use a compromised email account to trick victims into divulging their WUSTL Key password. In this scam, criminals took over a legitimate email address from UT Health San Antonio and used it to send phishing emails. Victims who click on the phishing link are […]
The Office of Information Security observes a trend in which criminals impersonate the sheriff’s office over the telephone. These scammers claim you signed for a subpoena, are an expert witness, or are a juror and never showed up for court and then demand payment. Along with a false accusation, scammers may list your personal information […]
The Drug Enforcement Administration (DEA) is warning the public of a widespread fraud scheme where scammers impersonate DEA agents to extort money or steal personally identifiable information. DEA personnel will never contact members of the public to demand payment or sensitive information. No legitimate federal law enforcement officer will request cash or gift cards from […]
The Office of Information Security has observed a trend in which criminals impersonate Chancellor Andrew Martin over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]
How this scam works WashU students are reporting they are receiving fraudulent job offers promising hundreds of dollars per week. The scammer will often ask you to move the conversation to some different, non-WashU messaging platform, like text, before requesting sensitive information like social security numbers, bank account information, etc. What you should do If […]
The Office of Information Security has observed a trend in which criminals send a fake error message on a website, saying there is a virus on your computer. These fake error messages aim to scare you into calling their “technical support hotline,” and they will likely ask you to install applications that give them remote […]
On Tuesday, March 28, from 8:30 am to 10:30 am, the Office of Sustainability and WashU Office of Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. Certified vendors will securely and safely recycle all confidential papers and hard drives. All are welcome to bring accepted items […]
The Office of Information Security observes a trend in which criminals send an email impersonating a Professor of Mathematics, hoping that victims will share their phone number and eventually purchase gift cards for them. If you see a message like the one below, please do not interact with the sender or phone number, and do […]
On December 22nd, 2022, LastPass notified their customer base of a cybersecurity incident that put customer data and passwords at risk. This incident occurred in November of 2022. Bad actors could potentially possess encrypted user data that includes “usernames, passwords, secure notes, and form-filled data,” according to LastPass. While in possession of this data, the bad […]
The Office of Information Security received a reported phishing message claiming to be from Washington University and threatening to terminate user accounts. This malicious email asks the user to cut and paste a URL into their browser. This phishing website prompts for a WUSTLKey username, password, and phone number. Unsuspecting victims who type their credentials […]
Cybersecurity Awareness Month in October is a global effort to help everyone stay protected whenever and however they connect. The theme for the month is “It’s easy to stay safe online,” and The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help […]
The Office of Information Security has observed a trend where criminals send fraudulent password expiration notices in hopes that victims will disclose their WUSTL Key on a fake login page. If you see a message like the one below, please do not interact with any links or follow any special instructions regarding authentication methods. Simply […]
As school begins on campuses nationwide, criminals turn their attention to scams targeting students who are busy preparing for the upcoming semester. Criminals frequently rely on timely topics and strategies to exploit their victims. Below, you will find examples of real scam emails reported to our team within the last month. As we all gear […]
Apple recently released a critical software update for all iOS (iPhones and iPads) and macOS devices designated iOS 15.6.1 and macOS 12.5.1. With the launch of these updates, Apple took the increasingly common step of alerting users that these updates patch vulnerabilities that criminals may actively exploit. Please update your iOS and macOS devices as […]
The Office of Information Security has observed a trend where criminals are sending fraudulent invoices to unsuspecting victims in hopes that they will be paid without the recipient noting that they are part of a scam. The tricky part of this particular scam is that the invoices are actually generated by payment handlers like PayPal. […]
A joint Information Technology and Office of Information Security vulnerability management project aims to strengthen and better protect the WashU network from attacks. The project has two main objectives: Install CrowdStrike on all Wash U servers immediately. Remediate tool-evaluated critical vulnerabilities, guiding department owners through updates, patches, and other steps. About Objective 1 WashU IT […]
This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. If you see a message like the one below, please report it immediately using the Phish Alert Button (PAB) in your Outlook interface. You can find more information about the PAB and alternative […]
Website Scavenger Hunt Ends Soon (Win $250) Please take some time to visit our website scavenger hunt for a chance to win $250 in Bear Bucks if you haven’t already. This competition ends tomorrow at midnight, so get your entry in soon to learn about some key resources and secure your chance to win. Chance […]
A recent SMiShing scam targeted our institution by impersonating Chancellor Martin and asking recipients for gift cards. You can rest assured that the chancellor (or your supervisor) will not reach out to ask for gift cards. SMiShing is a type of attack that uses the social engineering tactics commonly associated with email phishing via text […]
The Office of Information Security’s website is full of helpful resources and information for keeping you more secure online. To encourage you to become more familiar with what our website has to offer, the OIS office is holding a virtual scavenger hunt featuring a chance to win $250 in Bear Bucks! How to Participate Follow […]
This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. This one is particularly tricky, but it uses a very common set of steps that criminals deploy to steal account credentials. The user receives the suspicious email, in this case from an ‘@wustl’ […]
Phishing is the most common tactic cybercriminals use to steal login credentials, data, and intellectual property. Billions of these messages are sent every day, but it’s now easier than ever to protect yourself and WashU by helping the Office of Information Security (OIS) catch the phish and remove it from our system. The Phish Alert […]
This month, we’re focusing on a particularly tricky scam. This one isn’t tricky because it’s complex on its surface; it actually relies on simplicity and brevity to lure in its victims. This scam mimics an important notification to trick recipients into handing over sensitive login information. It contains many hallmarks of a typical phish, but […]
This month, we’re focusing on another scam that preys on your emotions and altruistic intentions. This time, it involves cybercriminals taking advantage of fundraising for Ukraine. In just one week, legitimate fundraising for Ukraine mobilized more than $50 million in cryptocurrency. That kind of success always attracts opportunists who want their cut. This time, they’re […]