Letter from the CISO, Vol 4 Issue 10
WashU Community:
Taking care of ourselves and everyone around us
WashU IT’s theme for the month of March is “Employee appreciation: Every day is a day to recognize your time and talent,” and I think one of the most important things for everyone to do is to help other people. Professionally or personally, as family, employees, or volunteers, everyone feels better when they’ve done something to help.
Everyone likes to be appreciated!
You may already be the person in your family and social circles who everyone turns to for help with their computers, mobile devices, smart home devices, and printers.
Who would benefit most from your help with cybersecurity?
Cyber fraud is a national scourge
I recently attended an event where the FBI Cyber Squad shared information about elder fraud. $12.5 billion (yes, “Billion” with a “B”) in cyber fraud was reported to the FBI’s Internet Crime Complaint Center in 2023. There seems to be a surge in victimizing people over 60 years old.
I had a firsthand view of this over the past few years as my mother continued to live independently after my father passed. I noticed that she was getting 25-30 phone calls a day. Most calls were scams ranging from clearly criminal come-ons to sales calls for things she didn’t need like home and car warranties (including for cars she no longer owned). One guy had her on the phone for an hour trying to get her to log in to her bank accounts. Fortunately, I had assumed responsibility for her finances, and she didn’t have any passwords or account logins.
Last June, I wrote about how to be a telephone fraud prevention hero, and I encourage you to review that column if you know people suffering from telephone fraud attacks.
As much as I liked the idea of her wasting the time of scammers – as the British mobile phone company O2 is doing with Daisy, their AI Granny, who chats up scammers – I didn’t think it was worth the risk.
The FBI reports that the main trends for cybercrime scams are:
- “Romance: Criminals pose as interested romantic partners on social media or dating websites.
- Tech support: Criminals pose as technology/customer support offering to help with non-existent issues, such as computer viruses or hacked accounts.
- Grandparent: Criminals pose as a relative, usually a child or grandchild, claiming to be in immediate financial need.
- Government impersonation: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to pay.
- Sweepstakes/lottery/inheritance: Criminals state the victim has won a lottery/sweepstakes, or is receiving an inheritance from a distant or unknown relative but must pay fees and taxes to claim the money.
- Investment: Criminals offer unsuitable investments, fraudulent offerings, and unrecognized products which can result in the theft or misappropriation of funds.
- Charity: Criminals claim to work for a charitable organization to gain a victim’s trust and obtain donations.
- Family/caregiver: Perpetrators are relatives or acquaintances of the elderly victims and take advantage of them or otherwise get their money.
- Non-Delivery of Product: A victim does not receive an item purchased online, or the item is not as described. These items are often advertised on social media.”
See the FBI’s Elder Fraud web page for more information, and don’t think it can’t happen to you because you aren’t elderly. Cybercriminals do not discriminate.
You can help by being someone’s cyber security buddy
I return to my recommendation that everyone should have a cyber security buddy.
In August of 2023, I first made the case that we should all have cyber security buddies. They serve as a wing person to help ensure we aren’t taken advantage of, and as a cyber hygiene checker to make sure we don’t stink (at cyber security).
Cyber security buddies can solve an array of other issues which I have written about repeatedly.
Without reviewing all of them, I’ll underscore the message from last March. I encouraged everyone to get together with friends and family and make everyone promise to call their cyber security buddy should they ever suspect something isn’t right. They should call even if they’ve already taken an action and are wondering if they made a mistake. Definitely call if they are being told to keep something secret. Isolating people from help and other points of view is a standard page in the con artist playbook.
And as always, I encourage everyone to be “vigilant, skeptical, and a little bit paranoid.”
Your friends and family will thank you for being the cyber expert in their lives.
If you need help with any of these ideas, please contact the Office of Information Security.
Thank you for reading my column, and for being members of the university’s Information Security team!
Good luck and be careful out there!
-Chris Shull, CISO