Phishing Attacks Increase During Holiday Season

Information Security would like to remind you to be extra vigilant of phishing attacks during the upcoming holidays as scammers will try to take advantage of your holiday spirit. To help share updates and provide the community with security education resources, we created a new Information Security intranet site that can be accessed from the WPI Portal. It features a “Phish of the Day” section to share information on recent phishing attempts targeting our community.

Over the past few months, we have seen an uptick of business or CEO Fraud, where the cybercriminals try to impersonate a colleague in an attempt to get you to execute an unauthorized wire transfer, send out confidential information, or even purchase gift cards. We recently rolled out new technology that will identify impersonation messages for members of Management Council, and move CEO Fraud type messages to your Junk Folder.

These phishing attacks are not technical but instead use social engineering to prey on your good nature and are difficult to stop.

The following example shows the first stage of the attack where the attacker is attempting to begin a conversation.  

What you can do to protect against CEO Fraud:

  1. Check the From: address of the email. If it is not @wpi.edu then it is spoofed.
  2. Investigate unusual email requests. If the email seems out of character for your executive or colleague, contact them by another means using the contact information in your official department directory. If you do not know or do not have their contact information, reach out to someone who does.
  3. Report CEO Fraud emails to phishing@wpi.edu. CEO Fraud emails are targeted attacks on specific groups of people and talking about them will help raise awareness for everyone.