Protect yourself from phishing
What is phishing?
• A technique criminals use to try to trick you out of information.
• Criminals send you email directing you to websites that ask for your password as verification of some sort.
• They disguise themselves as something or someone you trust — a bank or a computing help desk.
• They threaten to cut off your access unless you give them your password.
• Often you can tell that phishing emails and websites are suspicious because of misspelled words, bad grammar and other clues — but not always.
What is spear phishing?
• A more targeted version of phishing.
• Universities, including WUSTL, are targeted.
• Criminals disguise their messages and websites to look like official WUSTL messages and websites.
• They target members of the WUSTL community.
• It's harder to recognize that the emails and websites are the work of criminals because they closely mimic the look of legitimate emails and websites.
What's at risk?
• Access to your WUSTL accounts and university records
• Private personal information
• Valuable research data
• Sensitive university data
Learn to recognize phrases that sound phishy
Criminals urge you to act quickly, so you don't have time to think. They say things like this:
• Validate, verify, update your account!
• Your email is full!
• Your account will be deleted!
Learn to recognize phishy links
• Use your mouse to hover over the link in the email message to see the actual URL you are being directed to.
• Note the https at the beginning. The "s" is used for secure connections.
• Note the entire URL. Criminals may use pieces of that URL, but not the exact thing.
How to avoid becoming a spear phishing victim
• WUSTL staff will never request personal information via email. If in doubt, call the office that is requesting the information (but don’t use the phone number contained in the email — that’s usually phony as well).
• Never follow a link to a secure site from an email — always enter the URL manually.
• Change your passwords regularly.
If you aren't sure, contact the following
On the Danforth Campus, please contact Washington University’s Solutions Center by email at ISTSC@wustl.edu or by phone at 935-8200, or on the medical campus at firstname.lastname@example.org or 362-0735, if you think you might have clicked on a scam message and submitted your WUSTL KEY password, or if you have any questions about these types of emails. If you receive a suspect email, you may forward it to these email addresses.
Text of the fraudulent email:
From: Washington University in St. Louis <email@example.com>
Date: September 8, 2013, 4:58:54 AM MDT
To:
Subject: URGENT ALERT
To secure our system and all employees details from all forms of cyber attacks following the latest compromise on our database the IT department and the Human Resources have unanimously agreed to upgrade our system to the latest OLTP Microsoft Server. Hence to secure your profile and details you are required to immediately upgrade to this platform.
It takes less than 2 minutes to update your profile. Follow the link below to have your details immediately upgraded:
IT Services & HR Management System
Washington University in St. Louis