How this scam works
WashU students are reporting they are receiving fraudulent job offers promising hundreds of dollars per week. The scammer will often ask you to move the conversation to some different, non-WashU messaging platform, like text, before requesting sensitive information like social security numbers, bank account information, etc.
What you should do
If you receive a suspicious message like the one described above, please report it to our office using the Phish Alert Button or by emailing infosec@wustl.edu so we can investigate. If the sender is claiming to be someone you know or someone from WashU, please do not engage with them by replying to the message. Instead, find a legitimate and verifiable WashU contact method for them and reach out to ask if they sent the suspicious message.
Sample message
More information about scams like this one
To read more about how scams like these work, please visit our article about job offer scams from earlier today.
https://informationsecurity.wustl.edu/job-posting-scam/
Protect your account
If you believe you may have turned over sensitive information to a scammer or criminal, you should change your WUSTL Key password immediately. If you are unsure if you interacted with this message by visiting the link or entering any information, please change your WUSTL Key password now.
You can change your password by visiting the guide at How do I Change my WUSTL Key Password – Information Technology or by finding the appropriate link in WUSTL ONE (one.wustl.edu).
If you see a message like the one featured, please do not interact with any links or follow any special instructions regarding authentication methods. Simply report it using the Phish Alert Button (PAB) in your Outlook interface.
It’s always best to err on the side of caution and report anything that seems remotely suspicious. Our team will analyze all submissions and return them to you if they’re determined to be safe.
Stay informed
Be sure to read our newsletter, SECURED, when you see it in your inbox or by visiting our blog (https://informationsecurity.wustl.edu/blog/). We cover the latest topics, resources, and best practices in information security.
Contact our office
If you have questions or concerns about this update, please contact the Office of Information Security by emailing infosec@wustl.edu. As always, we appreciate your vigilance as we work together to keep WashU secure.