PHISHING ALERT: Malicious Email Indicating Password Expiration

The Office of Information Security has received reports of malicious emails indicating that users need to follow a link to change their passwords. This email is a fraudulent message attempting to obtain personal information from unsuspecting victims. The criminals behind this effort are hoping to trick users into following a link in that email, then […]

Find Useful Resources on the InfoSec Website

The Office of Information Security strives to provide a comprehensive set of tools, services, and information to empower members of our community to protect themselves and their data. These priorities are evident in our stated mission, “to build a sustainable information security program that balances the need to protect with the need to support the […]

Protect Yourself from Social Engineering

The Office of Information Security continuously works to protect our community from a wide variety of phishing activity and other security threats. Currently, the majority of the phishing threats we see involve some form of social engineering. What is social engineering? Social engineering attempts to manipulate people by exploiting psychology and emotions such as fear, […]

PHISHING ALERT: Tech Support Scams (Vishing)

The Office of Information Security has observed a recent uptick in ‘tech support scams’ that attempt to trick unsuspecting victims into calling a fake customer-support number to discuss alleged problems with their devices or services. How do customer service scams work? These scams often closely mimic actual support pages and contact information to fool unsuspecting […]

UPDATED: Security Threats Targeting COVID-19 Researchers

Law enforcement and government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have issued warnings about criminal activity targeting COVID research. Below, you will find links to relevant guidance and announcements about this threat. FBI director says China seeks to compromise U.S. firms researching coronavirus – WaPo […]

Tax Deadline Extension and Phishing Scams

As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]

INFOGRAPHIC: 22 Social Engineering Red Flags

Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust in order to convince the unsuspecting victim […]

INFOGRAPHIC: 20 Ways to Stop Mobile Attacks

Mobile devices have become an ever-present component of the way we interact with our peers and colleagues. We have desktops and laptops to do the heavy lifting, but the vast majority of us are using some sort of mobile device to access our work during times when we don’t have access to our computers. With […]

PHISHING ALERT: Malicious Email with Voicemail Attachment

The Office of Information Security has received reports of a malicious email stating that users have a new voicemail. This message includes an attachment that appears to be the content of the voicemail message. Upon clicking on the attachment, the recipient is redirected to a fake login page requesting their password. Recipients who enter their […]

PHISHING ALERT: Email Threatening to Reveal Personal Information

The Office of Information Security has identified a phishing threat in which the sender indicates they have compromising information about the recipient, offering as proof a plaintext password that may look familiar to the recipient. These passwords are NOT an indication that the sender has access to any special information about you. They are simply […]

Avoiding Exposure to Ransomware

adapted from original post by Trisha Clay, EDUCAUSE Ransomware is scary. Such an attack could make it impossible for you to retrieve documents on your computer. So, how do you protect yourself from ransomware? One of the best ways to protect yourself is to create a good backup of your critical data. These backups should […]

PHISHING ALERT: Malicious Email Attachments

The Office of Information Security has identified a trend in which malicious emails include attachments (e.g. .doc or .xls) that, when opened, instruct users to “Enable Content” to view “active content” that has been disabled. These attachments often contain something with a name referring to something financial in nature like “Transaction,” “Invoice,” “Payment,” or “Payroll”. […]

PHISHING ALERT: COVID-19 Benefit Payment

The Office of Information Security has received reports of phishing on our campuses involving supposed payments related to the COVID-19 pandemic. This specific criminal activity involves telling users that they can obtain a payment (in this case from ‘Google Technology Company’) as part of a “package” that is “earmarked for” people who have been directly […]

PHISHING ALERT: “Outstanding Payment” Excel Attachment

The Office of Information Security has received reports of a phishing attempt targeting members of our institution. This particular phish involves telling the recipient they are owed an “outstanding payment,” then attaching an Excel spreadsheet with malicious software (malware) hidden in macros. The body of the email often provides the recipient with a ‘password’ for […]

Social Engineering and the “Gift-Card Scam”

adapted from original post by Trisha Clay, EDUCAUSE Social engineering begins with research, whereby an attacker reaches out to a target to gain information and resources. When someone you don’t know contacts you and asks you open-ended questions, this may be the first step of a social-engineering attack. After the attacker reaches out to you, […]

UPDATED: Cyber Attackers Exploit Vulnerabilities amid Surge in Remote Work

As we transition to remote work in response to the coronavirus pandemic, cyber attackers seek new opportunities to exploit unsuspecting users. Reports of ransomware attacks, phishing attempts, and scam websites are on the rise around the world, especially targeting those who work at universities and medical institutions. While we take our work to our home […]

COVID-19: UPDATED Criminal Scams Seek to Exploit COVID-19 Fears

Multiple organizations, including the World Health Organization (WHO), have issued warnings that scammers are seeking to use the current outbreak of COVID-19 for personal gain. The Office of Information Security has compiled the following resources and information to assist anyone who fears they may fall victim to one of these scams. It is important to […]

VIDEO: Gil the Phish Drops the Bait

Gil is always coming up with new ways to trick unsuspecting users with his phishy emails. You can avoid becoming a victim of one of Gil’s scams by learning the signs of a phishing email and reporting anything suspicious to phishing@wustl.edu. For more information about how to avoid being a victim of phishing, follow the […]

Photo Gallery: Gil and InfoSec at WUSM Heath Happening Fair

The Office of Information Security hosted a table at the WUSM Health Happening Fair on February 21, 2020. We had a great turn out, distributing mic and camera blockers, phone grips, and valuable information to hundreds of our colleagues at the School of Medicine. Gil the Phish made an appearance at the table, to the […]

Tax Time is Open Season for Phishing Scams

Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in […]

InfoSec Alert: Email Attacks

Increase in Email Attacks The Office of Information Security has received increased reports of phishing attacks with the sole purpose of stealing and using login credentials to access University email accounts. When the attackers gain access to an email account, they can download the contents of the mailbox and/or send out spam in an attempt […]

Phishing Alert: Fraudulent Student Job Offer

The Office of Information Security has received several reports of a phishing attempt using a compromised email account to solicit personal information in response to a fake job offering. This fraudulent email requests that recipients reply with an “alternative email address” and “direct cell phone number” to receive additional information about the position. Recipients who […]

Gil the Phish Tempts with Gifts

Phishers like Gil never take a vacation. Now that the holiday season is drawing to a close, perpetrators of phishing schemes are using new tactics to lure unsuspecting recipients into their nets. One such scam involves enticing the recipient of a phishing attempt with free gifts. You may receive unsolicited but familiar-looking e-mails with offers […]

External Email Notification Helps Identify Phishes

In the coming weeks, we will introduce a new feature in our email system that will notify users of emails originating from outside of the university. This change is being made to make it easier for everyone at our institution to identify phishing emails. Phishing attacks are on the rise, and often employ multiple methods […]