Information Security would like to remind you to be extra vigilant of phishing attacks during the upcoming holidays as scammers will try to take advantage of your holiday spirit.
View Information Security intranet site: This new resources was developed to share updates and provide the community with security education resources. It features a Phish of the Day section to share information on recent phishing attempts targeting our community. Access the site from the WPI Portal. Report CEO Fraud and other suspicious email.
These phishing attacks are not technical but instead use social engineering to prey on your good nature and are difficult to stop.
Over the past few months, we have seen an uptick of business or CEO Fraud, where the cybercriminals try to impersonate a colleague in the attempt to get you to execute an unauthorized wire transfer, send out confidential information, or even purchase gift cards.
We recently rolled out new technology that will identify impersonation messages for members of Management Council, and move CEO Fraud type messages to your Junk Folder.
What you can do to protect against CEO Fraud:
- Check the From: address of the email. If it is not @wpi.edu then it is spoofed.
- Investigate unusual email requests. If the email seems out of character for your executive or colleague, contact them by another means using the contact information in your official department directory. If you do not know or do not have their contact information, reach out to someone who does.
- Report CEO Fraud emails to firstname.lastname@example.org. CEO Fraud emails are targeted attacks on specific groups of people and talking about them will help raise awareness for everyone.