The onboarding process creates a unique set of security risks. As new employees, we’re often eager to make a good impression, but we have little institutional knowledge. These factors make new employees valuable targets for hackers.
Due to unfamiliarity with WashU’s processes and security protocols, a new employee might not know how to recognize an email impersonating the IT department. Plus, until they’ve gone through orientation, they might not know how to report a suspicious email. New employees are often eager to appear responsive, which can lead to hastily opening links or attachments. Hackers target new hires with phishing campaigns because of these tendencies.
Here’s an example situation:
A new employee accepts a job offer at WashU. Nice! They celebrate by posting the good news on their LinkedIn. Meanwhile, a hacker notices the LinkedIn post and starts gathering information about WashU staff’s new hire checklist. The hacker crafts a social engineering campaign around Form I-9, pay elections, and benefit elections. Unless the new hire knows the difference between the hacker’s communication and WashU’s, they might disclose their personal and financial information to the hacker.
Reducing Risk
For those hiring at WashU, be sure to follow all hiring procedures and protocols set forth by Human Resources. For reference, here is HR’s guide for onboarding new employees.
For those starting at WashU, check out HR’s Welcome to WashU Hub as an authoritative source of information.
Looking for work?
- Go right to a trusted source and search for jobs and internships with WashU’s career management partner, Handshake.
- Google the company. If you get a stock website or nothing at all, there is a strong possibility that the company does not exist.
- Be suspicious of job postings that offer high pay with a vague job description. If it seems too good to be true, it probably is.
- According to LinkedIn, “any legitimate recruiter, HR person, or hiring manager will contact you from a corporate account,” never from a personal email address.
- Never provide any routing numbers or information for direct deposit until you are hired. Your employer should not need your direct deposit information until you’ve shown up to your first day of work.
Starting and searching for jobs can be exciting, scary, and overwhelming. Remember to stay calm and keep the resources above in mind throughout the process. If you ever see something unusual, be sure to reach out to InfoSec@wustl.edu for help!