Filter by:

Scam of the Month: DEA Impersonation Phone Call 

Scam of the Month: DEA Impersonation Phone Call 
According to Washington University School of Medicine Protective Services, the WUSM Physical Therapy department received a call from someone impersonating the DEA to steal personally identifiable information.  In the call, they claimed to be an investigator from the DEA headquarters, saying that a nurse practitioner had reported fraud under their name, medical license number, and […]

Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE

Scam of the Month: RESEARCH ASSISTANT VACANCY FOR UNDERGRADUATE
The Office of Information Security has observed a trend in which criminals advertise a job while impersonating a Professor of Computer Science and Engineering. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly enticing if offered employment.  If you see a message like the one below, […]

Scam of the Month: COVID-19 Variant Poses Risks in our University 

Scam of the Month: COVID-19 Variant Poses Risks in our University 
The Office of Information Security has identified a trend in which criminals send members of our community false COVID-19 contact tracing emails with a malicious link. They hope a victim will click the link and give their WashU credentials. In this scam, hackers use a compromised email address from Brown University to send phishing emails. […]

Scam of the Month: Charity Scam

Scam of the Month: Charity Scam
If You Sent Money to a Scammer  Scammers often insist that you pay in ways that make it tough to get your money back. They prefer you wire money through a company like Western Union or MoneyGram, send cryptocurrency, use a payment app, or buy a gift card and give them the redemption code. Regardless of how you lost money to a scam, […]

Scam of the Month: Process has begun by our administrator

Scam of the Month: Process has begun by our administrator
The Office of Information Security has identified a trend in which criminals send members of our community account termination emails containing a malicious link. They hope a victim will give their WashU credentials in a Google Form. In this scam, hackers use a legitimate WashU email address to send phishing emails. Victims who click the […]

October 20: Microsoft applications may require users to reauthenticate

Mark your calendar Microsoft applications may require users to reauthenticate On the evening of October 20, WashU IT will enhance the university’s cloud-based Microsoft services. As a result, users may see authentication (login) prompts on Microsoft applications such as Teams, Outlook, Office, and OneDrive on their devices. These prompts are expected. Completing the WUSTL Key […]

Scam of the Month: Document Shared with You

Scam of the Month: Document Shared with You
The Office of Information Security has identified a trend in which criminals send members of our community a Google Document containing a malicious link, in hopes that a victim may give up their credentials. In this more elaborate scam, hackers posed as Adis Avila, who is not an individual who works at our university, sending […]

Phishing Alert: Credential Phishing via QR Code

Phishing Alert: Credential Phishing via QR Code
How this Scam Works Members of the WashU community are being targeted by criminals using malicious QR codes to steal valuable and personal information. The QR codes targeting WashU credentials lead an unsuspecting victim to a fake WUSTL Key login page. If the victim enters any information on the malicious login page, they will unknowingly […]

Phishing Alert: Credential Phishing via Google Form

Phishing Alert: Credential Phishing via Google Form
How this Scam Works Members of the WashU community are receiving fraudulent shared document emails that ask them to divulge their WUSTL Key and credentials in a Google Form. Victims receive a fraudulent email about a shared document from an email address outside of WashU: When a victim clicks the link in the email, they […]

Scam of the Month: Geek Squad Customer Service

Scam of the Month: Geek Squad Customer Service
The Office of Information Security observes a trend in which criminals send a fraudulent order confirmation claiming the recipient will be charged almost $500. The criminals hope victims will call a phone number to refute the “purchase” and disclose their banking information.  If you see a message like the one below, please do not interact […]

Scam of the Month: Compromised Email

Scam of the Month: Compromised Email
The Office of Information Security observes a trend in which criminals use a compromised email account to trick victims into divulging their WUSTL Key password. In this scam, criminals took over a legitimate email address from UT Health San Antonio and used it to send phishing emails. Victims who click on the phishing link are […]

Scam of the Month: Sheriff Impersonation

Scam of the Month: Sheriff Impersonation
The Office of Information Security observes a trend in which criminals impersonate the sheriff’s office over the telephone. These scammers claim you signed for a subpoena, are an expert witness, or are a juror and never showed up for court and then demand payment. Along with a false accusation, scammers may list your personal information […]

Scam of the Month: DEA Impersonation

Scam of the Month: DEA Impersonation
The Drug Enforcement Administration (DEA) is warning the public of a widespread fraud scheme where scammers impersonate DEA agents to extort money or steal personally identifiable information. DEA personnel will never contact members of the public to demand payment or sensitive information. No legitimate federal law enforcement officer will request cash or gift cards from […]

Scam of the Month: Phish Text “from Andrew Martin”

Scam of the Month: Phish Text “from Andrew Martin”
The Office of Information Security has observed a trend in which criminals impersonate Chancellor Andrew Martin over text message. Impersonation is one of the most effective social engineering tactics used by scammers, and it can be particularly powerful when the person being impersonated is in a position of authority. If you see a message like […]

Phishing Alert: Student Job Offer

Phishing Alert: Student Job Offer
How this scam works WashU students are reporting they are receiving fraudulent job offers promising hundreds of dollars per week. The scammer will often ask you to move the conversation to some different, non-WashU messaging platform, like text, before requesting sensitive information like social security numbers, bank account information, etc. What you should do If […]

Scam of the Month: Windows Defender Pop-ups

Scam of the Month: Windows Defender Pop-ups
The Office of Information Security has observed a trend in which criminals send a fake error message on a website, saying there is a virus on your computer. These fake error messages aim to scare you into calling their “technical support hotline,” and they will likely ask you to install applications that give them remote […]

Secure Electronic Waste & Paper Shredding Drive on Danforth Campus

Secure Electronic Waste & Paper Shredding Drive on Danforth Campus
On Tuesday, March 28, from 8:30 am to 10:30 am, the Office of Sustainability and WashU Office of Information Security are teaming up to bring the WashU community e-waste recycling and confidential paper shredding services. Certified vendors will securely and safely recycle all confidential papers and hard drives. All are welcome to bring accepted items […]

Scam of the Month: Available Cell Phone? Quick response?

Scam of the Month: Available Cell Phone? Quick response?
The Office of Information Security observes a trend in which criminals send an email impersonating a Professor of Mathematics, hoping that victims will share their phone number and eventually purchase gift cards for them. If you see a message like the one below, please do not interact with the sender or phone number, and do […]

InfoSec Alert: LastPass Security Breach

On December 22nd, 2022, LastPass notified their customer base of a cybersecurity incident that put customer data and passwords at risk. This incident occurred in November of 2022. Bad actors could potentially possess encrypted user data that includes “usernames, passwords, secure notes, and form-filled data,” according to LastPass. While in possession of this data, the bad […]