messages sent and received electronically through an e-mail system

In one month, WashU IT manages approximately 25 million emails in Microsoft Office 365. Phishing is the most common type of email cyber attack affecting organizations like ours. Phishing attacks can take many forms, but they all share a common goal of getting the email recipient to share sensitive information—such as login credentials, credit card information or bank account details—resulting in identity theft and usually financial loss. Watch this video to learn more about phishing.

As cyber criminals become increasingly more slick in their approach, arming the university community with information about the latest attack tactics is important.

Safety Tips

  1. Keep a clean inbox. An overwhelming amount of email received daily by the university community is classified as spam, or unsolicited email. Instructions on how to report SPAM are available on spam filtering.
  2. Know when to click. Clicking on links in suspicious and/or unsolicited email could result in a phishing or malware attack. Learn more about phishing , malware, and ways to identify suspicious email.
  3. Don’t Respond. Do not respond to emails asking for passwords or personal information.
  4. Keep it close. Do not leave laptops, tablets, or mobile devices unattended. Thieves can use this as an opportunity to access the information on your device or to steal your device.
  5. Get trained. It’s required. The Information Security Office developed an email safety training course accessible through Learn@Work. This course take approximately 10 minutes to complete and is required for all current WashU faculty, staff and WUSM students.

What To Do If You Receive a Suspicious Email

If you receive a suspicious email, please report it using the Phish Alert Button (PAB). When you report a phish using the PAB, our office will investigate the threat and take any necessary action, such as removing all similar messages from systems and notifying our community of the threat.