Scam of the Month: Direct deposit bank account changed 

The Office of Information Security observed a trend where criminals email members of our community false direct deposit change notifications with a malicious link. They hope the victim will click the link and give their WashU credentials or direct deposit information. Payroll Services does not change direct deposit information. Only employees can change it themselves […]

Scam of the Month: Duo Verification Code Text Phishing 

WUSTL EDU ALERT! You submitted your Edu details for verification in other to put a stop to your email termination process Reply with a YES if you are available to carry out your verification process now which requires a verification code Failure to reply now will result in the termination of your account shortly IT management

Criminals who’ve stolen WUSTL Keys and passwords are masquerading as IT support over text messages to get us to enter Duo verification codes. Legitimate WashU employees will not ask you to enter codes into your Duo app. Only enter a verification code if you are logging in for yourself. Do not enter a code given […]

Scam of the Month: Outstanding Toll Amount 

Text message saying: (State Toll Service Name): We've noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.

Road trip season is approaching, and the FBI has observed criminals impersonating road toll collection services via text message. While there is only one toll bridge in Missouri – the Lake of the Ozarks Community Bridge (for now) – many neighboring states operate toll roads.   If you see a message like the one below, please […]

Scam of the Month: DEA Impersonation Phone Call 

According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information.  In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]

Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE

From: Lexus Scott Subject: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE REDEFINED RESEARCH ASSISTANT OPPORTUNITY Washington University in St. Louis Department of Computer Science & Engineering at is looking for research assistants who are willing to work remotely for $350 a week. Students from any department at the university may participate in the study. Text Professor Patrick Crowley at (505) 309-0428 with your full name, email address, department, and year of study to receive the job description and additional application requirements. Many Regards. Professor of Computer Science, Patrick Crowley.

The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment.  If you see a message like the one below, […]

Scam of the Month: COVID-19 Variant Poses Risks in our University 

From: Wustl Health Care Center Subject: Emergency Notice: COVID-19 Variant Poses Risks in our University I trust this message finds you in good health. I am writing to share critical information that impacts the health and safety of our academic community. Regrettably, we have recently received confirmation of a positive COVID-19 variant test result for a member of our university staff. Despite a significant portion of our staff and faculty being vaccinated, it is crucial to acknowledge that certain variants may pose challenges even to those who have received the vaccine. As a precautionary measure, we are actively initiating contact tracing to identify and mitigate potential risks. To assist us in determining whether you have been in close proximity to the affected staff member, we have established a dedicated webpage for your convenience. Please click the following link: [Access Detailed Staff Information] to review specific details about the individual in question. Prompt reporting of any interactions or contact is crucial, as it greatly contributes to the overall safety and security of our community. We understand that this news may be concerning, but please rest assured that our medical team is available to address any questions and provide guidance. You can contact them at [Healthcare@wustl.edu], and they will offer the necessary assistance. Our commitment to your well-being and the creation of a secure working environment remains steadfast. We kindly ask for your cooperation in this matter, as it is vital for our collective efforts to contain the virus and uphold the safety of our community. Confidentiality Notice: This email and its attachments are confidential and intended solely for the recipient. In line with privacy guidelines, we kindly request that you refrain from sharing or forwarding this message. PLEASE AVOID SHARING THIS EMAIL WITH ANYONE. We sincerely appreciate your dedication to our university community, and together, we will navigate through this challenge and emerge stronger. Best regards, Washington University in St. Louis Health Care Center Contact: (616) 526-7052

The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]

Scam of the Month: Charity Scam

Did a charity reach out to you for a donation? Here's how to give safely and avoid a scam: Never donate with a gift card or by wiring money. Credit card and check are safer. Search the charity name online. Do people say it's a scam? Watch for names that only look like well-known charities. Look up a charity's report and ratings: give.org charitywatch.org candid.org charitynavitor.org Ask how much of your donation goes to the program you want to support. Donating through a charitable fundraising platform? Be sure you know where the money is going.

If You Sent Money to a Scammer  Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]

Scam of the Month: Process has begun by our administrator

Our record indicates that you recently made a request to terminate your Office 365 email. And this process has begun by our administrator. If this request was made accidentally and you have no knowledge of it, you are advised to verify your account. Please give us 24 hours to terminate your account OR verify your account Click Here To Verify Your Account Failure to Verify will result in the close of your account.

The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]

Scam of the Month: Document Shared with You

Document shared with you: "ATHLETIC DIRECTORY REPORTS"

The Office of Information Security has identified a trend in which criminals send members of our community a Google Document containing a malicious link, in hopes that a victim may give up their credentials. In this more elaborate scam, hackers posed as Adis Avila, who is not an individual who works at our university, sending […]

Scam of the Month: Geek Squad Customer Service

The Office of Information Security observes a trend in which criminals send a fraudulent order confirmation claiming the recipient will be charged almost $500. The criminals hope victims will call a phone number to refute the “purchase” and disclose their banking information.  If you see a message like the one below, please do not interact […]

Scam of the Month: Compromised Email

The Office of Information Security observes a trend in which criminals use a compromised email account to trick victims into divulging their WUSTL Key password. In this scam, criminals took over a legitimate email address from UT Health San Antonio and used it to send phishing emails. Victims who click on the phishing link are […]

Scam of the Month: Sheriff Impersonation

The Office of Information Security observes a trend in which criminals impersonate the sheriff’s office over the telephone. These scammers claim you signed for a subpoena, are an expert witness, or are a juror and never showed up for court and then demand payment. Along with a false accusation, scammers may list your personal information […]

Scam of the Month: DEA Impersonation

The Drug Enforcement Administration (DEA) is warning the public of a widespread fraud scheme where scammers impersonate DEA agents to extort money or steal personally identifiable information. DEA personnel will never contact members of the public to demand payment or sensitive information. No legitimate federal law enforcement officer will request cash or gift cards from […]

Scam of the Month: Phish Text “from Andrew Martin”

Hi Parker, let me know once you receive this text. Andrew D. Martin

The Office of Information Security has observed a trend in which criminals impersonate Chancellor Andrew Martin over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]

Scam of the Month: Windows Defender Pop-ups

Windows Defender Security Center pop-up scam screenshot.

The Office of Information Security has observed a trend in which criminals send a fake error message on a website, saying there is a virus on your computer. These fake error messages aim to scare you into calling their “technical support hotline,” and they will likely ask you to install applications that give them remote […]

Scam of the Month: Available Cell Phone? Quick response?

The Office of Information Security observes a trend in which criminals send an email impersonating a Professor of Mathematics, hoping that victims will share their phone number and eventually purchase gift cards for them. If you see a message like the one below, please do not interact with the sender or phone number, and do […]

Scam of the Month: Invoice from PayPal LLC

The Office of Information Security observes a trend in which criminals send a convincing fraudulent PayPal invoice, hoping that victims will click a malicious link. If you see a message like the one below, please do not interact with the sender or phone number, and do not follow any special instructions. Simply report the email […]

Scam of the Month: Job/Employment Offer

The Office of Information Security observes a trend in which criminals send fraudulent job requests, hoping that victims will click a malicious link. If you see a message like the one below, please do not interact with the sender or phone number, and don’t follow any special instructions. Simply report the email using the Phish Alert […]

Scam of the Month: Package Scheduled for Delivery Today

The Office of Information Security has observed a trend where criminals send fraudulent delivery notifications in hopes that victims will scan a QR code. If you see a message like the one below, please do not interact with the sender and do not follow any special instructions. Simply report the email using the Phish Alert […]

Scam of the Month: Assistant Job Posting

The Office of Information Security has observed a trend where criminals send fraudulent job requests in hopes that victims will text a phone number with their personal information. If you see a message like the one below, please do not interact with the sender, phone number, or follow any special instructions. Simply report the email […]

Scam of the Month: Fake Password Expiration

The Office of Information Security has observed a trend where criminals send fraudulent password expiration notices in hopes that victims will disclose their WUSTL Key on a fake login page. If you see a message like the one below, please do not interact with any links or follow any special instructions regarding authentication methods. Simply […]

Scam of the Month: Student-Focused Scams

Student Aid Scam Sample

As school begins on campuses nationwide, criminals turn their attention to scams targeting students who are busy preparing for the upcoming semester. Criminals frequently rely on timely topics and strategies to exploit their victims. Below, you will find examples of real scam emails reported to our team within the last month. As we all gear […]

Scam of the Month: Fake (Real) Invoice Scam

The Office of Information Security has observed a trend where criminals are sending fraudulent invoices to unsuspecting victims in hopes that they will be paid without the recipient noting that they are part of a scam. The tricky part of this particular scam is that the invoices are actually generated by payment handlers like PayPal. […]

Scam of the Month: Urgent Administrative Job Opportunity

This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. If you see a message like the one below, please report it immediately using the Phish Alert Button (PAB) in your Outlook interface. You can find more information about the PAB and alternative […]

SMiShing Scam Seeks to Obtain Gift Cards by Impersonating Chancellor

SMiSh Example

A recent SMiShing scam targeted our institution by impersonating Chancellor Martin and asking recipients for gift cards. You can rest assured that the chancellor (or your supervisor) will not reach out to ask for gift cards. SMiShing is a type of attack that uses the social engineering tactics commonly associated with email phishing via text […]

Scam of the Month: Authenticate Your Account

This month’s scam is a recent and widespread phishing attack that attempted to use social engineering and impersonation to gain account access. This one is particularly tricky, but it uses a very common set of steps that criminals deploy to steal account credentials. The user receives the suspicious email, in this case from an ‘@wustl’ […]

Scam of the Month: Important Payroll Message

Example of Important Payroll Message Phish

This month, we’re focusing on a particularly tricky scam. This one isn’t tricky because it’s complex on its surface; it actually relies on simplicity and brevity to lure in its victims. This scam mimics an important notification to trick recipients into handing over sensitive login information. It contains many hallmarks of a typical phish, but […]

Scam of the Month: Ukraine Donation Scam

This month, we’re focusing on another scam that preys on your emotions and altruistic intentions. This time, it involves cybercriminals taking advantage of fundraising for Ukraine. In just one week, legitimate fundraising for Ukraine mobilized more than $50 million in cryptocurrency. That kind of success always attracts opportunists who want their cut. This time, they’re […]

Scam of the Month: Fake Norton or Geek Squad Call Scam

Geek Squad scam attempt

Attackers are using criminal Gmail accounts to target members of our institution with a phishing scam that involves requesting the recipient call a phone number for additional information. The attackers use dozens of Gmail accounts, using each account to target only one or a few users and modifying minor details to avoid detection. As a […]

Scam of the Month: SMiShing and 3 Viruses Detected Scam

Example SMiSh with 3 Viruses Scam

The Office of Information Security has received reports of a SMiShing campaign targeting people at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to their unsuspecting victim. The reported scam (pictured below) is a text-based version of a common and long-running scam that is […]

Scam of the Month: COVID Omicron Phishing

Security researchers are warning of an uptick in phishing attacks targeting universities themed around COVID, Omicron, and testing information. These attackers seek to steal valuable information and often have the goal of tricking users into handing over their university (or other) log-in credentials. Below, you will find an example of a phishing message using Omicron […]

Bonus Scam of the Month: Emotet Attachment Scam

Emotet Macro Image

The Information Security Office recently became aware of the reemergence of a malware distribution network previously taken down by law enforcement. This phishing email may look like a reply from a previous familiar email chain. This malicious phishing email uses three types of email attachments to install malware. These attachments include: Microsoft Excel spreadsheets Microsoft […]

Scam of the Month: Direct Deposit Phishing Scam Impersonating University Leadership

Chanc Impersonation Direct Deposit Phish

Members of the WashU community are receiving phishing emails impersonating university leadership, including Chancellor Martin and Dean Perlmutter. These messages request changes to direct deposit information due to suspicious activity.  Phishing scams often impersonate people in leadership positions to encourage a heightened sense of urgency in the recipient. Additionally, information about leaders is publicly available […]

He Held Her Hostage with His Words

Bonus Scam of the Month  On Father’s Day, 2021, Jaime Bardacke, a licensed clinical social worker in San Fransisco, received a phone call from a man who identified himself as Lt. Timothy Reid of the San Mateo County Sheriff’s Office. Initially, Bardacke was not surprised by the call. She had dealt with legal issues involving […]

Scam of the Month: DocuSign Phishing

Example of DocuSign Phish

Attackers continuously adjust their tactics to circumvent our defensive strategies, using new methods to access our systems, data, and personal information. Even as attackers develop new scams, one element seems to carry on—impersonation. Our office frequently publishes about impersonation because it forms the basis of most phishing attempts. Often, attackers impersonate a high-ranking employee in […]

Scam of the Month—September 2021

Eavesdropping

Zero-Click Security Threat Earlier this month, the Office of Information Security published an alert about “zero-click” spyware. Typical cyberattacks require the target to interact in some way with malicious content by clicking on a link or downloading an attachment from an unknown sender. Zero-click attacks do not require this sort of engagement. According to the interim […]

Scam of the Month—August 2021

SMiSh Example

The Office of Information Security has received reports of a SMiShing campaign targeting students at our institution. SMiShing occurs when cybercriminals use tactics common to phishing campaigns in text messages, attempting to communicate legitimacy to the unsuspecting victim.  The reported SMiShing attempt is posted below. The message sender is posing as someone in a position […]

Scam of the Month—July 2021

Before we get to our Scam of the Month for July, we wanted to take a minute to say thanks to one of our readers who took the time to reach out and provide some additional clues from last month’s column. Here is a link to our post from last month: https://informationsecurity.wustl.edu/scam-of-the-month-june-2021/ Our reader points out […]

Scam of the Month—June 2021

In each issue of the newsletter, we will feature, discuss, and dissect a scam that has appeared on our campus. These scams are “real” attempts to infiltrate our systems and/or gain access to sensitive and personal information of individuals in our community. By sharing these examples with our readers, we hope to enhance your awareness […]