Electronic Waste & Paper Shredding Drives this March
On Tuesday, March 22 and Tuesday, March 29, the Operations & Facilities Management Department, the Office of Sustainability, and WashU’s Office of Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard […]
Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine
The threat of state-sponsored cyberattacks increasingly accompanies international relations. Russia has developed and demonstrated its capacity to attack and inflict damage using cyber-warfare tactics. With news of Russia’s invasion of Ukraine, many cybersecurity professionals are recommending increased vigilance during this period of unrest. While much of the responsibility for anticipating and preventing cyberattacks of this […]
Keeping Information Security Simple – Isn’t there an App for that?
Letter from the CISO, Vol 1 Issue 9 Washington University Community: This month I’d like to warn you about dangerous applications and Internet services, and four things you can do to avoid problems. Many experts focus on iPhone/iPad/iOS and Android devices, but PC and Macs are also vulnerable to malicious applications, so I’ll speak about […]
10 Security Tips for Spring-Break Travelers
Spring Break is on the horizon, and many in the WashU community plan to travel for conferences, study away, research opportunities, and maybe even a little rest and relaxation! Smartphones and other digital devices are an integral part of our everyday lives, and they can make travel seem like a blissful dream. Helpful capabilities—your digital […]
Security Tips for Working From Home
By now, we’re all intimately familiar with the benefits and drawbacks of working from home. You may have been working from home for most of the pandemic, are a hybrid employee, or simply take your work or devices home for breaks and weekends. Whatever your unique situation, you probably have direct experience walking the increasingly […]
Seven Lucky Winners and More Chances to Win Prizes!
The results of our 2021 Cybersecurity Awareness Month competitions are in! Our office has selected seven lucky winners. If you’re a winner, we will contact you at your WUSTL email address to request the information we need to deliver your award. If you didn’t win this time, don’t despair! Read on for information about future […]
Scam of the Month: Fake Norton or Geek Squad Call Scam
Attackers are using criminal Gmail accounts to target members of our institution with a phishing scam that involves requesting the recipient call a phone number for additional information. The attackers use dozens of Gmail accounts, using each account to target only one or a few users and modifying minor details to avoid detection. As a […]
InfoSec Alert: Update Google Chrome Immediately to Address Zero-Day Vulnerability
Earlier this week, a member of Google’s threat analysis group discovered a vulnerability in Google Chrome that would allow attackers to execute arbitrary code or corrupt data on impacted machines. Google released a fix for this exploit soon after, and all Chrome users should be sure to update their browsers immediately. Chrome should update each […]
Keeping Information Security Simple – Privacy – Free isn’t free: If you aren’t paying for it, you and your data are the product being sold!
Letter from the CISO, Vol 1 Issue 8 Washington University Community: This is the National Cybersecurity Alliance’s Data Privacy Week (https://staysafeonline.org/data-privacy-week/), and because security is closely related to privacy, I thought I’d say a few things about it. The “right to privacy” was defined by Justice Louis Brandeis in an 1890 article as the right […]
Threats to Your Research Data and Intellectual Property
Your research data and intellectual property are valuable, not only in the pursuit of knowledge for the betterment of society but also to cybercriminals who seek to steal it or hold it for ransom. According to the Federal Bureau of Investigation , intellectual property theft is a growing threat in the digital era, and much […]
Phishing Awareness Phase II: Competition Winners to be Notified
The Office of Information Security recently added several layers of phishing protection for our institution. We hope you have located, and perhaps even used, the new Phish Alert Button (PAB). Last week, our office distributed our first university-wide message from the KnowBe4 platform, asking users to report it as a phish using the PAB to […]
Security Advice from a Busy Student
By Jack Ballenger (Class of 2024) During these two weeks of virtual classes, students will need to use Duo Mobile, an app for two-factor authentication (2FA), to access Canvas, Outlook, WebStac, and other WashU resources since they are not connected to campus WiFi. Two-factor authentication, also called multi-factor authentication (MFA) or two-step authentication, supplements your […]
How to Take Back Control of Your Data This Data Privacy Week
Adapted from The National Cybersecurity Alliance, January 2022 From social media to online shopping, our lives and the digital world become more intertwined every day. The digital world affords us a new level of convenience and access to information, but there may be a hidden cost to your privacy associated with these conveniences. Consumers must […]
Data Privacy Fast Facts
Adapted from National Cybersecurity Alliance In Case You Missed It Protecting the World’s Most Valuable ResourceWashington University Office of Information Security, December 2021
Scam of the Month: SMiShing and 3 Viruses Detected Scam
The Office of Information Security has received reports of a SMiShing campaign targeting people at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to their unsuspecting victim. The reported scam (pictured below) is a text-based version of a common and long-running scam that is […]
Keeping Information Security Simple – Automagically update everything!
Washington University Community: Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked. The good news is that it is surprisingly […]
It’s the Scam, Scamiest Season of All!
The holidays have arrived! These final weeks of the year are extremely busy for many of us. People are traveling, shopping, awaiting packages, making end-of-year-donations, and trying to put a pin in 2021. Cybercriminals know and await these frenzied times. They especially like seasons of heightened online shopping and financial transactions because impersonating a bank, […]
Protecting the World’s Most Valuable Resource
The refrain “knowledge is power” has been repeated around the world for centuries, from ancient Sanskrit proverbs to the theme song of the animated American educational series, School House Rock. The pursuit of knowledge is central to our university mission. The objective—use knowledge to empower individuals and communities for the betterment of society. Knowledge can […]
Best of: A Lookback at 2021
What a year! We’ve continued to adapt to new working environments, a return to campus, new technologies, and novel cyberthreats. The Office Information Security launched a monthly newsletter, ran university-wide competitions, and engaged the WashU community with a slate of events and communications for Cybersecurity Awareness Month. Once again, we are proud to be among […]
The Realities of Ransomware
By: Harrison Stites (class of 2022) Ransomware accounted for over 80 percent of the cybersecurity attacks in the education sector in 2020, according to the Verizon Data Breach Investigation Report. Healthcare organizations such as BJC (and, by extension, WashU) are significant targets for ransomware attacks because they work with Personal Health Information (PHI) and other […]
Scam of the Month: COVID Omicron Phishing
Security researchers are warning of an uptick in phishing attacks targeting universities themed around COVID, Omicron, and testing information. These attackers seek to steal valuable information and often have the goal of tricking users into handing over their university (or other) log-in credentials. Below, you will find an example of a phishing message using Omicron […]
Have a Happy (and Secure) Thanksgiving
People across America are preparing to travel over the river and through the wood, visiting friends and family for Thanksgiving. The American Automobile Association predicts more than 53 million people will travel for Thanksgiving this year, an increase of 13% from 2020 and the most significant single-year increase since 2005. Many of us are eager […]
Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership
Members of the WashU community are receiving phishing emails impersonating university leadership, including Chancellor Martin and Dean Perlmutter. These messages request changes to direct deposit information due to suspicious activity. Phishing scams often impersonate people in leadership positions to encourage a heightened sense of urgency in the recipient. Additionally, information about leaders is publicly available […]
Keeping Information Security Simple – Physical Security Comes First
Letter from the CISO, Vol 1 Issue 4 Washington University Community: Physical safety is a fundamental need of all animals, humans, computer systems, and devices. Last month I encouraged everyone to adopt a healthy dose of skepticism and paranoia regarding email, text, and social media messages to avoid becoming victims of social engineering attacks. This […]
Cybercrime and Human Intelligence
To defend ourselves against cybercrime, we cannot rely on technology alone. Cybercriminals constantly try different attack strategies, attempting to confuse, surprise, and manipulate their targets. Phishing emails are the most common attack strategy, and these messages are subject to the limitless creativity of their criminal authors. As a result, even state-of-the-art technology cannot perfectly detect […]
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The Office of Information Security is proud to be a Cybersecurity Awareness Champion, supporting online safety throughout the year. We’re here to help every member of our community gain the knowledge and tools […]
SHRED-IT: Electronic Waste & Paper Shredding Drives
On Tuesday, October 19 and Tuesday, October 26, Operations & Facilities Management Department, the Office of Sustainability, WashU Office of Information Security, and BJC Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. All are welcome to bring accepted items to the collection drive. All confidential papers and hard drives […]
Scam of the Month—September 2021
Zero-Click Security Threat Earlier this month, the Office of Information Security published an alert about “zero-click” spyware. Typical cyberattacks require the target to interact in some way with malicious content by clicking on a link or downloading an attachment from an unknown sender. Zero-click attacks do not require this sort of engagement. According to the interim […]
Revised and Updated Policies 2021
The Washington University Office of Information Security (OIS) supports education, research, and clinical care by protecting systems and data for everyone at our institution. Security threats today are constantly changing as cybercriminals try new tactics to steal and hold ransom user and institutional data. To adapt to changes in the information security landscape, the OIS […]
InfoSec Alert: Critical Security Updates for Apple Devices
Apple recently released a critical software update for all Apple devices designated iOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. Apple issued these emergency updates in response to reports that “zero-click” spyware has been discovered on their devices. Users can update their own devices using the following steps (please note that download times may […]
Keeping Information Security Simple – Be Skeptical and a Little Paranoid
Letter from the CISO, Vol 1 Issue 3 Washington University Community: “Keep Information Security Simple” has been my motto for nearly a decade. This month, I’d like to share an important thing that everyone can do to improve our security—slow down, just a little bit because haste makes good people fall for bad tricks. In the first […]
Get Inside the Hacker Mindset to Create Stronger Passwords
By Harrison Stites. In the last issue of SECURED, Chris Shull, Chief Information Security Officer, wrote about the importance of passwords. Specifically, Chris emphasized using unique and long passwords for each login to prevent hackers from accessing your accounts. However, for most users, remembering long, unique passwords is not feasible. Today, we will describe the tactics […]
Safety Tips for Back to School (Poster/Graphic)
By Harrison Stites. The Office of Information Security wishes everyone a safe and productive return to the classroom. In support of your return, we want to remind you of a few simple but important security strategies that you can use to protect yourself and your data. Back-Up Devices Back up your devices and accounts to prevent […]
Protect Yourself from Misinformation
By Harrison Stites. The internet provides a platform for anyone to share information, and legitimate news must fight through the noise of misinformation to reach readers. Misinformation is false or misleading information created by actors with malicious intent. It is especially dangerous when readers fail to detect its illegitimacy and perpetuate it by sharing it on social […]
Scam of the Month—August 2021
The Office of Information Security has received reports of a SMiShing campaign targeting students at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to the unsuspecting victim. The reported SMiShing attempt is posted below. The message sender is posing as someone in a position […]
Meet Your InfoSec Team: Kevin Hardcastle, WashU Associate CISO
Kevin Hardcastle, a long-time leader in information security has been instrumental in keeping WashU secure. Kevin was first drawn to IT while studying at Missouri State, where he received a bachelor’s degree in computer information systems. He has 36 years of experience in information technology, including 21 years of experience in information security. He began […]
Keeping Information Security Simple – Multi-Factor Authentication
Washington University Community: Thank you for the positive feedback on June’s first issue of our new Information Security Bulletin, “Secured!” If you missed it, you can read it and other articles of interest at https://informationsecurity.wustl.edu/blog/. For almost a decade, I’ve been trying to “Keep Information Security Simple” (KISS) for my clients, employers, and friends. KISS is […]
Workday Security
Washington University recently adopted Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU. WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive information such […]
How to use your source-checking skills to stay safe from phishing
By Harrison Stites According to IC3, an FBI subsidiary, 241,342 Americans were victims of successful phishing attacks in 2020. The tactics used in phishing continue to evolve with the intent of getting you to divulge sensitive information or download malicious attachments. However, you already possess the skills to prevent phishing attacks and stay safe online. […]
Save, Secure, and Share with Box and OneDrive
Institutions such as Washington University have incredible data storage and transfer needs. Members of our community are continuously engaged in research, teaching, and patient care, producing large quantities of data that need secure storage as well as accessibility. Further, the COVID-19 remote-work era has demonstrated the need for file access from multiple devices, in multiple […]
Phishing 101
Email phishing has long been the method of choice for many cybercriminals who seek to exploit vulnerabilities for personal gain. These attacks are continually revised and refreshed to take advantage of current trends and new strategies used to socially engineer their victims. Phishing works so well because it takes advantage of human emotion, convincing unsuspecting […]
Scam of the Month—July 2021
Before we get to our Scam of the Month for July, we wanted to take a minute to say thanks to one of our readers who took the time to reach out and provide some additional clues from last month’s column. Here is a link to our post from last month: https://informationsecurity.wustl.edu/scam-of-the-month-june-2021/ Our reader points out […]
Meet Your Infosec Team: Joe Susai, Chief Information Security Officer, Washington University School of Medicine
This month, we met with Joe Susai, WUSM CISO, to learn more about what he does at WashU and his background. Please read on for our questions and his answers. What is your role at WashU? I am responsible for all aspects of information security practice and programming for Washington University School of Medicine’s clinical, […]
Don’t Let Digital Highwaymen Spoil Your Summer Adventures
After more than a year of remote work and learning, summer vacation is calling, and families are ready to roam! According to the American Automobile Association (AAA), more than 47.7 million Americans will travel this Independence Day (July 1-5) ( Hall 2021 ), a 40% increase in travel volume over last year. Most travelers (43.6 […]
Avoiding Workday Phishing Scams
Washington University will soon adopt Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU. Background WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive […]
Meet Your Infosec Team: Chief Information Security Officer, Chris Shull
On June 1, 2021, Chris Shull assumed the role of Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to WashU from Huron Consulting Group, which is working on several other projects at WashU. Chris has joined Joe Susai, the CISO for the School of Medicine, and Kevin Hardcastle, Associate CISO […]
Scam of the Month—June 2021
In each issue of the newsletter, we will feature, discuss, and dissect a scam that has appeared on our campus. These scams are “real” attempts to infiltrate our systems and/or gain access to sensitive and personal information of individuals in our community. By sharing these examples with our readers, we hope to enhance your awareness […]
The Office of Information Security (OIS) is Your Ally in the Cybercrime Arms Race
Educational institutions such as WashU are prime targets for cybercriminals who use ever-evolving tactics to infiltrate systems, steal data, block access, and demand ransoms under the threat that they will publish sensitive data online. Universities operating medical centers are especially vulnerable, as they manage large amounts of sensitive patient health data. According to the Ponemon Institute, […]
Social Engineering Red Flags
Phishing, the practice of sending fraudulent emails in order to induce recipients into surrendering private information and login credentials, is the single most common type of cybercrime today. According to a recent report by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), nearly one-third of complaints received in 2020 were about various forms […]
Letter from the CISO – Everyone is in InfoSec
Washington University Community: I welcome you to this inaugural edition of our new Information Security Bulletin. My primary goal for the bulletin is to empower every member of our community to do their part in protecting us from cybersecurity attacks. A few years ago, the CISO for a health system was asked how many people […]
Updated Device Security Guidance and Best Practices
Device security is essential for protecting your privacy and data. Sound device security involves using features built into your devices, such as setting a passcode or adjusting privacy settings and protecting the physical security of the device itself. Devices are valuable and are enticing to opportunistic passersby, whether they are after the device itself or […]
SHRED IT: E-Waste Recycling and Paper Shredding Events
On Tuesday, April 20 and Tuesday, April 27, the Office of Sustainability and the Office of Information Security will be hosting e-waste recycling drives and confidential paper shredding services at the Danforth Campus and School of Medicine, respectively. Visitor restrictions related to COVID-19 health and safety require these events to be restricted to our campus […]
Phishing Alert: Tax Scam Targeting Educational Institutions
The Internal Revenue Service (IRS) issued a warning today (Tuesday, March 30, 2021) about an ongoing impersonation scam targeting educational institutions. Faculty, students and staff with email addresses ending in .edu are primary targets for this scam. How this Scam Works This criminal scam attempts to capture personal information from recipients by prompting them to […]
Phishing Alert: Credential Phishing Detected on Campus
The Office of Information Security received a reported phishing message that contains a dangerous credential phishing scam. This malicious email states that there is a document available in OneDrive, but that the recipient will need to follow a link in the email to sign in and see it. Unsuspecting victims who type their credentials into […]
The Magical World of Password Managers
Adapted from Tara Schaufler/EDUCAUSE I admit it. I was hesitant and fearful of using a password manager. But then my employer purchased password management software and asked me to introduce it to our organization. What a conundrum! I had avoided using the software up until this time. But why? Honestly, I did not trust that […]
Security Guides for iOS/macOS Posted, WIN and Android Coming Soon
Most of us rely heavily on our computers and personal devices to do our jobs, shop for our households, navigate unfamiliar roads, communicate with others, and myriad other tasks. Today, we may take this continuous access to the Internet as a given, hopping on and off networks as we move through the world, allowing location […]
Keep Your Information Secure This Tax Season
Tax season is here again, and as always, that means internet scammers are looking for openings to take advantage of heightened online traffic. According to IRS Commissioner Chuck Rettig, “This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert” […]
INFOSEC ALERT: Social Security Vishing on Campus
Our office received a report of a vishing (fraudulent phone call) attack targeting a WashU student. In the attack, the caller claimed that the student’s social security number had been associated with overseas drug-trafficking activity. Another popular Vishing campaign involves impersonating support personnel from companies like Apple or Amazon. In this scam, the attackers call […]
Seminar – Securing Research Data Compliance CMMC/NIST 800-171
This free, one-day seminar will bring you up-to-speed on the new, government-mandated research data (Controlled Unclassified Information – CUI) cybersecurity requirements. The new requirements reach beyond IT cybersecurity by requiring processes, procedures, and documentation throughout any part of our organization that provides resources for the regulated Department of Defense (DoD) research. Follow this link to […]
Device Security for the Entire Family
The holiday season is here! As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent ), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic […]
Top Phishing Threats Last Year: Impersonation and Credential Phishing
The Office of Information Security works diligently to protect our institution from phishing threats. Ultimately, however, our shared security depends on your vigilance. You can protect yourself by avoiding engagement with phishing attempts, and you can help protect all of us by swiftly reporting these threats to our office. When you report a phishing attempt, […]
KringleCon Holiday Hack Challenge 2020
For more than a decade, SANS has offered a free Holiday Hacking Challenge. In 2018, the challenge was dubbed “KringleCon.” WUIT personnel banded together to join the challenge in 2019. Working in their spare time, they ventured deep into the mystery of KringleCon. Alas, they did not make it to the end. This year, the […]
Thank You for Participating in Cybersecurity Awareness Month 2020
The Office of Information Security extends its gratitude to the faculty, staff, and students who participated in the events and activities of Cybersecurity Awareness Month 2020! During the month of October, we hosted a slate of webinars and presentations to help our community stay informed and empowered in the digital era. This year, our program […]
Protect Yourself Online This Holiday Season
The holiday season is upon us! As many of us prepare our homes, pantries, and gift lists for the approaching season, cybercriminals are simultaneously preparing to exploit security vulnerabilities to their advantage. According to the Cybersecurity & Infrastructure Security Agency(CISA), these bad actors target online shoppers by using the following tactics: Creating fraudulent websites, emails, […]
WEBINAR: How to Make the Most Out of a Cybersecurity Career
Our friends at WashU’s Technology and Leadership Center are hosting the following free webinar for people who are interested in exploring careers in cybersecurity. Ethical hackers, analysts and penetration testers have never been more in demand – Nearly half a million cybersecurity professionals are needed nationally, says (ISC)2. If you want to start or shift […]
InfoSec Alert: Cybersecurity Attacks Targeting US Healthcare Systems
During the week of October 26, multiple federal agencies notified Washington University of a credible cybersecurity threat to US health care providers. This threat has impacted several hospitals across the country within the last few days, and intelligence officials suggest several hundred more may be targeted in the near future. Washington University has a dedicated […]
PHISHING ALERT: Malicious Email Indicating New Payroll Approvals Required
The Office of Information Security has identified a phishing threat in which the sender indicates new payroll approvals are required. This is a malicious email attempting to get users to follow a link to a fake login portal. Any user information that is entered in this fake portal will be captured by the criminals as […]
E-Waste Recycling and Light Bulb Swap
The Office of Sustainability and the Office of Information Security are planning an e-waste recycling and light bulb swap event for Cybersecurity Awareness Month (October 2020). All hard drives collected in this drive will be securely and safely recycled by certified vendors. On the last Thursday of October (10/29) and first Thursday of November (11/5), the Office of […]
Introducing Interim Chief Information Security Officer, Chris Shull
In September, Chris Shull assumed the role of Interim Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to us from Huron Consulting Group, which is working on several other projects at WashU. Kevin Hardcastle has stepped back from the CISO role, and is working diligently with Chris to advance the […]
WEBINAR: Topics in Security with Brian Allen
Information Security Manager Brian Allen will deliver a presentation on some of the most important topics in information security today. Brian will discuss the latest incidents and vulnerabilities detected on the WashU network during the last year and look at some new tools we have available to detect and remediate threats. We will be releasing […]
Revised and Updated Policies 2020
The Washington University Office of Information Security maintains a sustainable information security program supporting the vital work of education, research, and clinical care while also protecting our systems and users’ security. We can only achieve strong information security for all if we each take personal responsibility for ensuring our systems’ security. We continuously improve our […]
October is Cybersecurity Awareness Month
Cybersecurity Awareness Month is here! Cybersecurity Awareness Month is a global effort to help everyone stay protected whenever and however they connect. The overarching theme for the month is, “Do Your Part, #BeCyberSmart.” The Office of Information Security is proud to be a Cybersecurity Awareness Month Champion, supporting online safety throughout the year. We’re here […]
Information Security Manager Brian Allen to Speak at Virtual Zeek Week 2020
Information Security Manager Brian Allen will deliver a presentation entitled “Zeek, and Splunk, and Alertus, oh My” during Virtual Zeek Week 2020. This is a single session of a larger event that includes many opportunities to learn about technical aspects of the work being done by information security professionals. Details for registering for Virtual Zeek […]
Meet Joe Susai, WUSM Chief Information Security Officer
The Office of Information Security will host a webinar featuring one of our newest IT leaders on the School of Medicine campus, Joe Susai, WUSM chief information security officer (CISO). Susai will share remarks about his new role at the medical school and how he will work with WashU CISO, Kevin Hardcastle, to provide strong […]
Cybersecurity Awareness Month Is Right Around the Corner
October is Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched as National Cybersecurity Awareness Month in October 2004 as a joint effort between the National Cyber Security Alliance and the U.S. Department of Homeland Security. The objective of National Cybersecurity Awareness Month was to raise awareness of the importance of cybersecurity and offer resources to […]
Working Safely and Securely in a Remote Environment
Original post by Zarmeena Waseem for EDUCAUSE Here are some helpful tips and effective practices for working safely and securely in a remote environment, whether it’s a temporary situation or a permanent transition. Use a VPN Make use of the corporate VPN at your university for an extra layer of security any time you find […]
National Cybersecurity Awareness Month (NCSAM) is Coming!
WashU InfoSec is honored to be among institutions named NCSAM Champions. We champion the cause of information security in our community by offering information, resources, and events throughout the year with special offerings during NCSAM every October. Stay tuned for our schedule of October events to help you #BeCyberSmart. To see a complete list of […]
Find Useful Resources on the InfoSec Website
The Office of Information Security strives to provide a comprehensive set of tools, services, and information to empower members of our community to protect themselves and their data. These priorities are evident in our stated mission, “to build a sustainable information security program that balances the need to protect with the need to support the […]
Protect Yourself from Social Engineering
The Office of Information Security continuously works to protect our community from a wide variety of phishing activity and other security threats. Currently, the majority of the phishing threats we see involve some form of social engineering. What is social engineering? Social engineering attempts to manipulate people by exploiting psychology and emotions such as fear, […]
PHISHING ALERT: Tech Support Scams (Vishing)
The Office of Information Security has observed a recent uptick in ‘tech support scams’ that attempt to trick unsuspecting victims into calling a fake customer-support number to discuss alleged problems with their devices or services. How do customer service scams work? These scams often closely mimic actual support pages and contact information to fool unsuspecting […]
UPDATED: Security Threats Targeting COVID-19 Researchers
Law enforcement and government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have issued warnings about criminal activity targeting COVID research. Below, you will find links to relevant guidance and announcements about this threat. FBI director says China seeks to compromise U.S. firms researching coronavirus – WaPo […]
Tax Deadline Extension and Phishing Scams
As a result of the COVID-19 pandemic, the deadline for filing state and federal tax returns is postponed until July 15, 2020. As the deadline approaches, we want to make you aware of the more common tax fraud scams that our office sees each year. We have also compiled some helpful resources to assist you […]
Better Protection with Encryption
Secure encryption is a frequently discussed and recommended strategy for protecting the information that we send, receive, and store on our devices. Encryption is one of the best defenses against those who seek to gain unauthorized access to your digital information. Federal, state, and industry regulations governing the work we do at WashU require that […]
INFOGRAPHIC: 22 Social Engineering Red Flags
Social engineering is one of the primary strategies criminals use in their attempts to attack our systems. From an information security perspective, social engineering is the use of manipulative psychological tactics and deception to commit fraud. The goal of these tactics is to establish some level of trust in order to convince the unsuspecting victim […]
INFOGRAPHIC: 20 Ways to Stop Mobile Attacks
Mobile devices have become an ever-present component of the way we interact with our peers and colleagues. We have desktops and laptops to do the heavy lifting, but the vast majority of us are using some sort of mobile device to access our work during times when we don’t have access to our computers. With […]
PHISHING ALERT: Malicious Email with Voicemail Attachment
The Office of Information Security has received reports of a malicious email stating that users have a new voicemail. This message includes an attachment that appears to be the content of the voicemail message. Upon clicking on the attachment, the recipient is redirected to a fake login page requesting their password. Recipients who enter their […]
PHISHING ALERT: Email Threatening to Reveal Personal Information
The Office of Information Security has identified a phishing threat in which the sender indicates they have compromising information about the recipient, offering as proof a plaintext password that may look familiar to the recipient. These passwords are NOT an indication that the sender has access to any special information about you. They are simply […]
Profile: Betsy Ball, Information Security Architect
Please join us in welcoming Betsy Ball to the Office of Information Security’s team! Betsy comes to us with more than 30 years of IT experience, including work in user support as well as server, network, and firewall administration. In her role at WashU, she will serve as an Information Security Architect, working with the […]
COVID-19: Fake Online Coronavirus Map Delivers Malware
A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website. Visiting the website infects the user with a Trojan, an information-stealing program. It is likely being spread via infected email attachments, malicious online […]
COVID-19: UPDATED Criminal Scams Seek to Exploit COVID-19 Fears
Multiple organizations, including the World Health Organization (WHO), have issued warnings that scammers are seeking to use the current outbreak of COVID-19 for personal gain. The Office of Information Security has compiled the following resources and information to assist anyone who fears they may fall victim to one of these scams. It is important to […]
POSTPONED: Shred IT, Secure E-Waste Recycling Event
This event has been postponed. We will do our best to reschedule for a later date. Please stay tuned for updates about this event. The Office of Sustainability and the Office of Information Security will be hosting an e-waste recycling and confidential paper shredding event. All are welcome to bring accepted items to the collection […]
VIDEO: Gil the Phish Drops the Bait
Gil is always coming up with new ways to trick unsuspecting users with his phishy emails. You can avoid becoming a victim of one of Gil’s scams by learning the signs of a phishing email and reporting anything suspicious to phishing@wustl.edu. For more information about how to avoid being a victim of phishing, follow the […]
Photo Gallery: Gil and InfoSec at WUSM Heath Happening Fair
The Office of Information Security hosted a table at the WUSM Health Happening Fair on February 21, 2020. We had a great turn out, distributing mic and camera blockers, phone grips, and valuable information to hundreds of our colleagues at the School of Medicine. Gil the Phish made an appearance at the table, to the […]
Tax Time is Open Season for Phishing Scams
Tax season is here again, and with it comes an uptick in scammers using phishing emails designed to steal personal information from their victims in order to commit tax fraud. We encourage you to use extreme caution with any email correspondences requesting personal information. Please refrain from opening any attachments or following any links in […]
Ask The Experts: Password Management
According to the U.S. Department of Homeland Security (DHS), strong passwords and multi-factor authentication are key to maintaining information security. The strongest passwords are composed of upper- and lower-case letters, special characters, and numbers. Long and unpredictable passwords are ideal, and according to DHS, these passwords should not include any words that “can be found […]
Gil the Phish Tempts with Gifts
Phishers like Gil never take a vacation. Now that the holiday season is drawing to a close, perpetrators of phishing schemes are using new tactics to lure unsuspecting recipients into their nets. One such scam involves enticing the recipient of a phishing attempt with free gifts. You may receive unsolicited but familiar-looking e-mails with offers […]
Revised and Updated Policies 2019
The Washington University Office of Information Security strives to build a sustainable information security program that supports the vital work of education, research, and clinical care while also protecting the security of our systems and users. Information security is important to every member of our community, and we all share personal responsibility for ensuring the […]
External Email Notification Helps Identify Phishes
In the coming weeks, we will introduce a new feature in our email system that will notify users of emails originating from outside of the university. This change is being made to make it easier for everyone at our institution to identify phishing emails. Phishing attacks are on the rise, and often employ multiple methods […]
NCSAM Retrospective
The Office of Information Security recently wrapped up a month of exciting activities and events across Washington University campuses for National Cybersecurity Awareness Month. We are grateful to everyone who took the time to participate in this year’s events, and we are already looking forward to next year’s program. During October 2019, the Office of […]
Gil the Phish and NCSAM Happenings
National Cyber Security Awareness Month (NCSAM) is about halfway over, and we’ve been having a great time spreading the word about digital security across our campus. We kicked off the month with a successful Shred IT event, and on October 14, we participated in Danforth Health Happening. Our presence at Health Happening was hard to […]