Inside ABC: Our Monthly Newsletter

In this series we are exploring key aspects of our Information Security Awareness, Behavior, and Culture program. If you are a regular reader of this newsletter, you may have read our first article in this series entitled Inside ABC: Awareness, Behavior, and Culture. If you missed that one, you may want to read it first […]

Chance to Win $100 in Our Monthly Challenge

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this July. The Inside Man is a soap opera-style training that covers critical […]

Scam of the Month: Washington University – internship and management Programs – PAID

Washington University - internship and management Programs - PAID Laura Arroyo Martinez Human Resources Department.pdf

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating someone from a university in Mexico. Impersonation is one of the most effective social engineering tactics scammers use, and it can be particularly enticing when it comes with an offer of employment. If you see a message like the one below, please do […]

Meet Your InfoSec Team: Jeremy Howard, Security Analyst III 

Jeremy Howard, security analyst III, is one of the newest members of our InfoSec team. Jeremy’s primary responsibilities as a Security Analyst III are to “manage and review events and increase the organization’s security posture by using our Data Loss Prevention program.” He also “provides guidance regarding information security pertaining to clinical workflows.” Jeremy notes […]

Keeping Information Security Simple – “How to be a Telephone Fraud Prevention Hero”  

Letter from the CISO, Vol 4 Issue 1  Washington University Community:  An enormous amount of fraud is still being perpetuated via phone calls even though many people don’t use telephones very much. Cybercriminals seek your credit card or bank account numbers, access to your online bank accounts, and to install malware on your computer.  But […]

Cloud Threats, Opportunities, and Safety  

As more data, identities, and services move to the cloud, they are increasingly targets of threat actors with potentially life-altering consequences. In 2017, a breach of Equifax leaked the Social Security Numbers (SSNs) of 143 million Americans. While writing this article, Ticketmaster and its vendor, Snowflake, suffered a major data breach. Those are just two […]

Chance to Win $100 in Our Monthly Challenge 

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this June. The Inside Man is a soap opera-style training that covers critical […]

Scam of the Month: Direct deposit bank account changed 

The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]

Meet Your InfoSec Team: Pete Nowikow, Information Security Analyst III 

Pete Nowikow, information security analyst III, is one of the newest InfoSec team members. In his day-to-day role, Pete aids in designing and deploying Network Access Control (NAC, e.g., Cisco Identity Services Engine, or ISE). He also partners closely with the WUIT Network Engineering team and BJC. Pete will often work with several other departments, […]

Inside ABC: Awareness, Behavior, and Culture

The WashU Office of Information Security (OIS) takes a holistic approach to security training and awareness. Our goal goes way beyond raising awareness through a required annual training. The Awareness, Behavior, and Culture (ABC) team aims to foster a resilient and adaptable security culture so WashU Community members know what to look out for, how […]

Chance to Win $100 in Our Monthly Challenge

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is continuing to assign the Inside Man series as our competition this May. The Inside Man is a soap opera-style training that covers critical […]

Scam of the Month: Duo Verification Code Text Phishing 

WUSTL EDU ALERT! You submitted your Edu details for verification in other to put a stop to your email termination process Reply with a YES if you are available to carry out your verification process now which requires a verification code Failure to reply now will result in the termination of your account shortly IT management

Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]

Meet Your InfoSec Team: Peter L. Jones, Information Security Analyst

Peter L. Jones, information security analyst, monitors for security vulnerabilities on the tens of thousands of devices in the WashU environment. Peter and the vulnerability management team keep track of everything from simple devices like phones to critical systems and servers by using regular scans and monitoring. His role involves problem-solving and decision-making, including determining […]

Keeping Information Security Simple – “It’s Much Too Easy to Be Stupid”

Letter from the CISO, Vol 3 Issue 11 Washington University Community: Failing to be smart is easy… Writing to the Washington University in St. Louis community, I don’t expect disagreement that it is better to be smart than the opposite. However, even the smartest people can have moments of stupidity. In a recent interview with […]

Passkeys Over Passwords 

Are you tired of trying to create and remember every password? Are you worried that you might lose your password? Do you feel overwhelmed by the number of password managers to choose from? If so, there is good news on the horizon. The FIDO Alliance created a passwordless sign-in system that addresses these problems, and […]

Chance to Win $100 in Our Monthly Challenge 

The Office of Information Security (OIS) is always looking for ways to improve your security and reward your participation in helping to secure WashU. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this April. The Inside Man is a soap opera-style training that covers critical cyber security […]

Scam of the Month: Outstanding Toll Amount 

Text message saying: (State Toll Service Name): We've noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.

Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads.   If you see a message like the one below, please […]

Summer Break Travel and Job-Hunting Tips 

Summer break is right around the corner, and many in the WashU community will be traveling or looking for a summer job. Unfortunately, the devices we rely on for managing travel have also become targets for theft and cybercrime.   Whether you are searching for a job or taking a trip, please protect yourself and the […]

Meet Your InfoSec Team: Joey Smith, Information Security Analyst III 

Joey Smith, Information Security Analyst III, works in the OIS Clinical Operations team, focusing on the School of Medicine and the Medical Campus. Joey uses tools to identify and monitor unmanaged devices on the WashU network. This effort assists in ongoing projects like asset management and network asset control (NAC). Joey enjoys IT and security […]

Keeping Information Security Simple – “Denial is not a river in Egypt!” 

Letter from the CISO, Vol 3 Issue 10  Washington University Community:  Criminals keep inventing new con attacks I recently saw a news report about a Mexican drug cartel that has gotten into the business of helping elderly Americans get out of the timeshare vacation contracts. This sounds like a good thing. Unfortunately, it is just […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. Back by popular request, the InfoSec team is assigning the Inside Man as our training competition this March. The Inside Man is a soap opera-style training that covers critical cyber security themes in all its episodes. Watch […]

Reporting Phishing in the ‘New’ Outlook 

The Phish Alert Button (PAB) is one of our team’s most valuable tools for keeping the WashU community safe. When you report a phishing email using the PAB, our office will investigate the threat and take any necessary action, such as removing all similar messages from systems and notifying our community of the danger.  If […]

Scam of the Month: DEA Impersonation Phone Call 

According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information.  In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]

The Power of Virtual Private Networks (VPN) in Privacy Protection 

In the digital age where a lot of our private information is on the internet – in public and supposedly in private storage – ensuring online privacy has become even more integral to protecting your online activity and identity. According to Cobalt’s Top Cybersecurity Statistics for 2024, there are over 2,200 cyberattacks a day (a […]

The Deaf Lottery Scam 

Back in his federal law enforcement days, WUSM’s Assistant Director of Investigations and Crime Prevention, Steve Manley, came upon an advance fee scam. An informant who operated a corner store in East St. Louis called him one afternoon. He told Manley a customer was sending large sums of money to Nigeria via Western Union. The caller […]

Thanks for Making the E-Waste Recycling Event a Success 

On Tuesday, March 26th, the Office of Sustainability and Office of Information Security hosted their biannual electronic waste recycling and secure paper shredding event on the Danforth campus. Thank you to all who supported sustainability by securely recycling their electronic waste and confidential documents. The event was a huge success. In just two and a […]

Keeping Information Security Simple – “Using Code Words to Defeat the AI Menace”

Letter from the CISO, Vol 3 Issue 9  Washington University Community:  Artificial Intelligence is a tool  Artificial Intelligence, or AI, has received a lot of attention and interest over the past year, primarily due to the great advances in productivity and quality it seems to promise. WashU IT is excited to be helping the university […]

New Device Registration Process for the Wired Network on the WUSM Campus

WashU IT, Information Security, and WUSM ITSS are introducing a new registration process for devices connecting to the wired network. This change will further protect patient, student, research, and academic data from bad actors. We will begin implementing this change in early 2024. It will be rolled out in a measured pace to minimize impact […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’d like to test your knowledge in a fun ‘Phish or Treat’ game.   Phishing    When navigating your email, always be on the lookout for red flags that may indicate that it is a phishing email. […]

Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE

From: Lexus Scott Subject: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE REDEFINED RESEARCH ASSISTANT OPPORTUNITY Washington University in St. Louis Department of Computer Science & Engineering at is looking for research assistants who are willing to work remotely for $350 a week. Students from any department at the university may participate in the study. Text Professor Patrick Crowley at (505) 309-0428 with your full name, email address, department, and year of study to receive the job description and additional application requirements. Many Regards. Professor of Computer Science, Patrick Crowley.

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing when it comes with an offer of employment. If you see a message like the one below, […]

Security Tips for Spring Break

Spring Break is right around the corner, and many in the WashU community will be traveling for conferences, studying away, researching elsewhere, visiting family, or just going somewhere relaxing. No matter where you go, your smartphone will undoubtedly be at your side. These handy devices have become our constant companions for just about anything you […]

Keeping Information Security Simple – “New Year’s Resolution – Innovate Your Password Management”

Letter from the CISO, Vol 3 Issue 8 Washington University Community: New Year – New Password Discipline “Password Discipline” certainly sounds like the kind of New Year’s resolution that will be abandoned within 24 hours. But it truly needs to be on everyone’s list. Good password management is critical for protecting yourself, your family, and […]

Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we’d like to cover a phishing tactic that uses your phone as a medium for scammers. This scam is called ‘Vishing.’   Vishing   Cybercriminals are continuously looking for new and unexpected ways to contact you. While […]

Keep Your Information Secure This Tax Season

Tax season officially begins on January 29, and internet scammers will capitalize on the moment. The Internal Revenue Service initiates most contact through regular mail delivered by the United States Postal Service. Sometimes, they will call or visit, but other than that, “The IRS doesn’t initiate contact with taxpayers by email, text messages or social […]

Scam of the Month: COVID-19 Variant Poses Risks in our University 

From: Wustl Health Care Center Subject: Emergency Notice: COVID-19 Variant Poses Risks in our University I trust this message finds you in good health. I am writing to share critical information that impacts the health and safety of our academic community. Regrettably, we have recently received confirmation of a positive COVID-19 variant test result for a member of our university staff. Despite a significant portion of our staff and faculty being vaccinated, it is crucial to acknowledge that certain variants may pose challenges even to those who have received the vaccine. As a precautionary measure, we are actively initiating contact tracing to identify and mitigate potential risks. To assist us in determining whether you have been in close proximity to the affected staff member, we have established a dedicated webpage for your convenience. Please click the following link: [Access Detailed Staff Information] to review specific details about the individual in question. Prompt reporting of any interactions or contact is crucial, as it greatly contributes to the overall safety and security of our community. We understand that this news may be concerning, but please rest assured that our medical team is available to address any questions and provide guidance. You can contact them at [Healthcare@wustl.edu], and they will offer the necessary assistance. Our commitment to your well-being and the creation of a secure working environment remains steadfast. We kindly ask for your cooperation in this matter, as it is vital for our collective efforts to contain the virus and uphold the safety of our community. Confidentiality Notice: This email and its attachments are confidential and intended solely for the recipient. In line with privacy guidelines, we kindly request that you refrain from sharing or forwarding this message. PLEASE AVOID SHARING THIS EMAIL WITH ANYONE. 
We sincerely appreciate your dedication to our university community, and together, we will navigate through this challenge and emerge stronger. Best regards, Washington University in St. Louis Health Care Center Contact: (616) 526-7052

The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]

Duo Exceptions

The DUO Two-Factor Authentication upgrade was deployed on November 20, 2023, to enhance and secure WashU systems and applications access. A smartphone or tablet with the Duo Mobile app installed is required to use this new and preferred verified push method of multi-factor authentication. There are circumstances where you might not be able to download […]

New Digital Guardian Prompt 

Digital Guardian, the data loss prevention software, has been updated to detect and alert when sensitive information, such as Protected Health Information (PHI) or Personally Identifiable Information (PII), is shared to public websites, including Artificial Intelligence sites such as ChatGPT.  We are tuning Digital Guardian to reduce the number of false alerts and enhance our […]

Retirement of Secure WUSM Infosec Bulletin

To simplify the critical messages you receive about information security at the university, the Office of Information Security is retiring the Secure WUSM Infosec bulletin. Instead, the content will now be published in this newsletter. That means there will be fewer university-wide emails! Additionally, we are folding Secure WUSM itself into the organization-wide CyBear Secure […]

Keeping Information Security Simple – “Holiday Gifts that Keep on Giving”

Letter from the CISO, Vol 3 Issue 7 Washington University Community: Holidays and the joys of giving and receiving (safely)! As we are in the middle of the holiday season, it’s easy to get caught up in the joyous atmosphere and excitement of finding the perfect gift or the muted pain of receiving an ugly […]

Recent Winners and a Chance to Win $100 in Our Monthly Challenge

The OIS is always looking for ways to improve your security and reward your participation in our efforts. This month, we want to point you toward a few resources to help you protect yourself from cybercrime and understand how our office can support you during this holiday season. Be sure to read our article on […]

Tips for Traveling and Shopping Safely This Holiday Season 

With Black Friday and Cyber Monday behind us, it can be tempting to impulse buy any remaining discounted items. Before getting caught up in a “while supplies last” frenzy, remember that scammers capitalize on hasty decisions involving payment information. According to the Internet Crime Complaint Center’s (IC3) 2022 report, non-payment and non-delivery scams cost people more […]

Scam of the Month: Charity Scam

Did a charity reach out to you for a donation? Here's how to give safely and avoid a scam: Never donate with a gift card or by wiring money. Credit card and check are safer. Search the charity name online. Do people say it's a scam? Watch for names that only look like well-known charities. Look up a charity's report and ratings: give.org charitywatch.org candid.org charitynavigator.org Ask how much of your donation goes to the program you want to support. Donating through a charitable fundraising platform? Be sure you know where the money is going.

If You Sent Money to a Scammer  Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]

Meet Your InfoSec Team: Nick Fredrick, GRC Security Analyst 

Nick Fredrick, GRC Security Analyst I, is one of the newest additions to the Office of Information Security. After earning his bachelor’s degree in computer information systems from St. Louis University, Nick interned for our Governance Risk and Compliance (GRC) team, where he was eventually hired as a full-time analyst. Throughout his time at WashU, […]

Protecting against cybersecurity risks with Microsoft 365 A5 security

WashU uses tools from the Microsoft 365 A5 security suite to detect and respond to cybersecurity threats. Most of the tools in the suite are designed to work behind the scenes so that students, faculty, and staff are not interrupted by the security features. Here is a brief overview of Microsoft 365 A5 tools and […]

Elect to Receive Your Tax Documents Electronically

Provide consent to receive electronic delivery of your tax documents by December 31, 2023. This will allow you to receive your W-2 form online as soon as it is available in Workday. You will be notified by email in January when your electronic W-2 form is available. Manage printing elections of your tax forms in Workday and […]

Keeping Information Security Simple – “The Preparedness Paradox”

Letter from the CISO, Vol 3 Issue 6  Washington University Community: Problems in WashU paradise  Sometimes, I think working at WashU is a bit like being in paradise. November is a time to reflect on things we are grateful for, and this includes working in a safe and welcoming culture. But even the Garden of […]

Scam of the Month: Process has begun by our administrator

Our record indicates that you recently made a request to terminate your Office 365 email. And this process has begun by our administrator. If this request was made accidentally and you have no knowledge of it, you are advised to verify your account. Please give us 24 hours to terminate your account OR verify your account Click Here To Verify Your Account Failure to Verify will result in the close of your account.

The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]