How this Scam Works
Members of the WashU community are receiving fraudulent emails that ask them to divulge their WUSTL Key and credentials in a Google Form.
If someone clicks the malicious link in the email, they will be led to a Google Form asking for their WUSTL Key and credentials. Here are some examples of malicious Google Forms:
Even though these forms warn you to never submit passwords in Google Forms, the scammer hopes a victim will enter their WUSTL Key credentials and authorize a DUO push or phone call. Once a victim submits this information, their account can be compromised.
What you should do
You should never enter your credentials into a Google Form.
If you believe you may have turned over sensitive information to a scammer or criminal, you should change your WUSTL Key password immediately. If you are unsure if you interacted with this message by visiting the link or entering any information, please change your WUSTL Key password now.
You can change your password by visiting the guide at How do I Change my WUSTL Key Password – Information Technology or by finding the appropriate link in WUSTL ONE (one.wustl.edu).
If you visit a Google Form asking for your credentials, please do not interact with it or follow any special instructions regarding authentication methods. Simply close the form and report the email it came from using the Phish Alert Button (PAB) in your Outlook interface.
It’s always best to err on the side of caution and report anything that seems remotely suspicious. Our team will analyze all submissions and return them to you if they’re determined to be safe.
Stay Informed
Be sure to read our newsletter, SECURED, when you see it in your inbox or by visiting https://informationsecurity.wustl.edu/news/. We cover the latest topics, resources, and best practices in information security.
Contact Our Office
If you have questions or concerns about this update, please contact the Office of Information Security by emailing infosec@wustl.edu. As always, we appreciate your vigilance as we work together to keep WashU secure.