Cybersecurity Awareness Month: Phishing

Phishing Infographic

When you receive a suspicious email, please report it using the Phish Alert Button (PAB) from your Outlook account.  Cybersecurity Awareness Month Test Your Knowledge Competition We invite you to show us what you know by entering our Test Your Knowledge: Cybersecurity Awareness Month edition. Complete this activity to test what you know and receive an entry […]

Phish Alert Button Video Guide

Phishing is the most common tool used by cybercriminals to steal login credentials, personal information, data, and intellectual property. If you receive a “phishy” email (i.e., an email that demands unexpected quick action, comes from an unknown sender, asks you to supply login credentials or other personal information, etc.), please protect yourself and others at […]

Phishing Alert: Credential Phishing Detected on Campus

The Office of Information Security received a reported phishing message claiming to be from Washington University and threatening to terminate user accounts. This malicious email asks the user to cut and paste a URL into their browser. This phishing website prompts for a WUSTLKey username, password, and phone number. Unsuspecting victims who type their credentials […]

Phishing Awareness Phase II: Competition Winners to be Notified

WIn 10 PAB (Report Phish)

The Office of Information Security recently added several layers of phishing protection for our institution. We hope you have located, and perhaps even used, the new Phish Alert Button (PAB). Last week, our office distributed our first university-wide message from the KnowBe4 platform, asking users to report it as a phish using the PAB to […]

Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership

Chanc Impersonation Direct Deposit Phish

Members of the WashU community are receiving phishing emails impersonating university leadership, including Chancellor Martin and Dean Perlmutter. These messages request changes to direct deposit information due to suspicious activity.  Phishing scams often impersonate people in leadership positions to encourage a heightened sense of urgency in the recipient. Additionally, information about leaders is publicly available […]

Scam of the Month—August 2021

SMiSh Example

The Office of Information Security has received reports of a SMiShing campaign targeting students at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to the unsuspecting victim.  The reported SMiShing attempt is posted below. The message sender is posing as someone in a position […]

InfoSec Alert: SMiShing Detected on Campus

The Office of Information Security has received reports of a SMiShing campaign targeting students at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to the unsuspecting victim. The reported SMiShing attempt is posted below. The message sender is posing as someone in a position […]

How to use your source-checking skills to stay safe from phishing

By Harrison Stites According to IC3, an FBI subsidiary, 241,342 Americans were victims of successful phishing attacks in 2020. The tactics used in phishing continue to evolve with the intent of getting you to divulge sensitive information or download malicious attachments. However, you already possess the skills to prevent phishing attacks and stay safe online. […]

Phishing 101

Email phishing has long been the method of choice for many cybercriminals who seek to exploit vulnerabilities for personal gain. These attacks are continually revised and refreshed to take advantage of current trends and new strategies used to socially engineer their victims.  Phishing works so well because it takes advantage of human emotion, convincing unsuspecting […]

Scam of the Month—July 2021

Before we get to our Scam of the Month for July, we wanted to take a minute to say thanks to one of our readers who took the time to reach out and provide some additional clues from last month’s column. Here is a link to our post from last month: https://informationsecurity.wustl.edu/scam-of-the-month-june-2021/ Our reader points out […]

Avoiding Workday Phishing Scams

Washington University will soon adopt Workday, a cloud-based software system for managing finances, human resources, and planning. The new system provides a single, integrated system for managing multiple facets of daily operations at WashU. Background WashU takes the security of your data and our systems seriously. Therefore, the system that we use to manage sensitive […]

Scam of the Month—June 2021

In each issue of the newsletter, we will feature, discuss, and dissect a scam that has appeared on our campus. These scams are “real” attempts to infiltrate our systems and/or gain access to sensitive and personal information of individuals in our community. By sharing these examples with our readers, we hope to enhance your awareness […]

Social Engineering Red Flags

Phishing, the practice of sending fraudulent emails in order to induce recipients into surrendering private information and login credentials, is the single most common type of cybercrime today. According to a recent report by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), nearly one-third of complaints received in 2020 were about various forms […]

Phishing Alert: Tax Scam Targeting Educational Institutions

The Internal Revenue Service (IRS) issued a warning today (Tuesday, March 30, 2021) about an ongoing impersonation scam targeting educational institutions. Faculty, students and staff with email addresses ending in .edu are primary targets for this scam. How this Scam Works This criminal scam attempts to capture personal information from recipients by prompting them to […]

Phishing Alert: Credential Phishing Detected on Campus

The Office of Information Security received a reported phishing message that contains a dangerous credential phishing scam. This malicious email states that there is a document available in OneDrive, but that the recipient will need to follow a link in the email to sign in and see it. Unsuspecting victims who type their credentials into […]

Keep Your Information Secure This Tax Season

Tax season is here again, and as always, that means internet scammers are looking for openings to take advantage of heightened online traffic. According to IRS Commissioner Chuck Rettig, “This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert” […]

INFOSEC ALERT: Social Security Vishing on Campus

Our office received a report of a vishing (fraudulent phone call) attack targeting a WashU student. In the attack, the caller claimed that the student’s social security number had been associated with overseas drug-trafficking activity.  Another popular Vishing campaign involves impersonating support personnel from companies like Apple or Amazon. In this scam, the attackers call […]

Device Security for the Entire Family

The holiday season is here! As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent ), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic […]

Top Phishing Threats Last Year: Impersonation and Credential Phishing

The Office of Information Security works diligently to protect our institution from phishing threats. Ultimately, however, our shared security depends on your vigilance. You can protect yourself by avoiding engagement with phishing attempts, and you can help protect all of us by swiftly reporting these threats to our office. When you report a phishing attempt, […]

InfoSec Alert: Cybersecurity Attacks Targeting US Healthcare Systems

During the week of October 26, multiple federal agencies notified Washington University of a credible cybersecurity threat to US health care providers. This threat has impacted several hospitals across the country within the last few days, and intelligence officials suggest several hundred more may be targeted in the near future. Washington University has a dedicated […]

PHISHING ALERT: Malicious Email Indicating New Payroll Approvals Required

The Office of Information Security has identified a phishing threat in which the sender indicates new payroll approvals are required. This is a malicious email attempting to get users to follow a link to a fake login portal. Any user information that is entered in this fake portal will be captured by the criminals as […]

Cybersecurity Awareness Month Is Right Around the Corner

October is Cybersecurity Awareness Month. Cybersecurity Awareness Month was launched as National Cybersecurity Awareness Month in October 2004 as a joint effort between the National Cyber Security Alliance and the U.S. Department of Homeland Security. The objective of National Cybersecurity Awareness Month was to raise awareness of the importance of cybersecurity and offer resources to […]

Whaling, SMiShing, and Vishing…Oh My!

original post by Eric Weakland, EDUCAUSE Cybercriminals use types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money. Social engineering is at the heart of all types of phishing attacks—those conducted via email, SMS, and phone calls. Technology makes these sorts of attacks easy and very […]