An Information Security publication for the WPI community.

This edition of SECURE IT spotlights changes, warnings, and new articles that are essential for our community due to the COVID-19 pandemic. Our adjusted working, teaching and learning environments, the potential for increased anxiety, and lurking cybercriminals all challenge our cyberhealth. Information Security along with the whole Information Technology team wishes you well, and we are here to assist!

Even More Multi-Factor Authentication

Many of us are already successfully using multi-factor authentication (MFA) for secure access to certain systems, and now its scope is being expanded. Due to attacks related to the COVID-19 pandemic, phishing and the risk of compromised accounts have increased. Keeping our WPI access secure is more important than ever.

Now all WPI account logins, including alumni, will be asked to set up MFA and provide additional security verification information to protect your account. If your account is compromised and locked, you will be able to reset your password yourself only if you have setup MFA. Phishers and hackers will not be able to change your password without an additional method of verification.

Please confirm or set up methods of authentication. Add as many authentication methods as possible to avoid being locked out of your account, including office phone for faculty and staff.

Multi-Factor Authentication

VIP Impersonation Warning

Information Security has recently seen an uptick in VIP impersonation email phishing attacks known as Business Email Compromise (BEC) or CEO Fraud. CEO Fraud is a scam in which cybercriminals spoof company email accounts to impersonate executives or colleagues. They attempt to deceive an employee or colleague into executing unauthorized wire transfers, sending out confidential tax information, or even purchasing gift cards.

Sample CEO Fraud Email

Additional Resources

Information Security details CEO Fraud, including the steps an attacker takes, and how you can elude the attack, in this new VIP Impersonation article.

Email Fraud: VIP Impersonation

The Federal Bureau of Investigation (FBI) provides information about CEO compromise schemes related to COVID-19.

FBI: Schemes Related to COVID-19FBI: Rising Business E-Mail Compromise

New for You! Articles on

We have developed new articles and refreshed existing ones, to help our remote WPI community stay secure!

Password SafetyProtecting Children OnlinePreventing Malware InfectionsSecuring Your Home NetworkOnline Banking Security

When in Email Doubt...

- WPI IT will never email you a request to verify sensitive information such as password, date of birth, address.             

- WPI supervisors will never email asking you to buy gift cards, scratch off the back, and send pictures. 

- The IRS will not accept payment in iTunes gift cards.

- Office365 will never email you directly for payment, exceeding your quota, or quarantined email warnings.