The Office of Information Security has received reports of malicious emails indicating that users need to follow a link to change their passwords. This email is a fraudulent message attempting to obtain personal information from unsuspecting victims. The criminals behind this effort are hoping to trick users into following a link in that email, then entering their credentials into a fake portal controlled by the hackers.
In the example message below, there are three clear indicators that this is a phishing attempt. The email language contains grammatical errors, the tone of the text is urgent, and the email itself urges users to follow a provided link to “update your email account immediately.” As always, approach with extreme caution any emails that contain errors in grammar, usage, or punctuation. These errors are a telltale sign of a phishing attempt. It is best to avoid following links in emails, even if they come from familiar senders. In the example email below, a savvy email user would ignore the link in the email, instead verifying their WUSTL password status using familiar systems in our WashU network. Additionally, it is always a good idea to verify the authenticity of any suspicious emails from known senders by calling the sender on the phone using a contact number obtained through the directory or other reliable source.
If you receive an email such as this or any other suspected phishing attempt, please do not click on any links or download any attached files. Forward the email to phishing@wustl.edu and delete the email from your inbox.
If you have additional questions or concerns, please reach out to us at the Office of Information Security at infosec@wustl.edu. We appreciate all that you do to keep our university secure.