Alerts Newsletter

SECURED Special Bulletin: SMiSh Attack, Last Call for $250, Windows Vulnerability, and Improved Account Security

Website Scavenger Hunt Ends Soon (Win $250)

Please take some time to visit our website scavenger hunt for a chance to win $250 in Bear Bucks if you haven’t already. This competition ends tomorrow at midnight, so get your entry in soon to learn about some key resources and secure your chance to win.

Chance to Win $250 with OIS Website Scavenger Hunt | Office of Information Security | Washington University in St. Louis

SMiSh Impersonation Scam, Chancellor Edition

A recent SMiShing scam targeted our institution by impersonating Chancellor Martin and asking recipients for gift cards. You can rest assured that the chancellor (or your supervisor) will not reach out to ask for gift cards. SMiShing is a type of attack that uses the social engineering tactics commonly associated with email phishing via text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. Please watch out for scams like these, and practice a healthy degree of skepticism when you see these unusual requests. When in doubt, you can always reach out to the person being impersonated using known contact methods. You should never reach out by replying directly to the message, following any links in it, or using any contact info it contains. Read more about this scam and how to avoid it at the following link.

SMiShing Scam Seeks to Obtain Gift Cards by Impersonating Chancellor | Office of Information Security | Washington University in St. Louis

Windows Vulnerability

The Office of Information Security has been working hard with IT leaders across the university to protect our systems from a recent threat to Windows users designated CVE-2022-30190. We have taken steps to neutralize this threat on all managed machines and servers. If you have a machine that you manage, you can find more information about protecting yourself and your machines at the link below.

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center

Improved Security with Modern Authentication

Security threats are continuously evolving, and so are we. Microsoft is discontinuing “Basic Authentication” and upgrading to “Modern Authentication” for the Exchange online email service offered in Office 365. This security upgrade will require some short-term attention from our users, but it will not impact your email experience, and it will ensure better protection. Most users are already using this improved authentication method. Please stay tuned for additional information from WashU IT about impacted users and the best action to take.