SECURE IT - 2020 May

Even More Multi-Factor Authentication

Many of us are already successfully using multi-factor authentication (MFA) for secure access to certain systems, and now its scope is being expanded. Due to attacks related to the COVID-19 pandemic, phishing and the risk of compromised accounts have increased. Keeping our WPI access secure is more important than ever.

Now all WPI account logins, including alumni, will be asked to set up MFA and provide additional security verification information to protect your account. If your account is compromised and locked, you will be able to reset your password yourself only if you have setup MFA. Phishers and hackers will not be able to change your password without an additional method of verification.

Please confirm or set up methods of authentication. Add as many authentication methods as possible to avoid being locked out of your account, including office phone for faculty and staff.

VIP Impersonation Warning

Information Security has recently seen an uptick in VIP impersonation email phishing attacks known as Business Email Compromise (BEC) or CEO Fraud. CEO Fraud is a scam in which cybercriminals spoof company email accounts to impersonate executives or colleagues. They attempt to deceive an employee or colleague into executing unauthorized wire transfers, sending out confidential tax information, or even purchasing gift cards.

Additional Resources

Information Security details CEO Fraud, including the steps an attacker takes, and how you can elude the attack, in this new VIP Impersonation article.

The Federal Bureau of Investigation (FBI) provides information about CEO compromise schemes related to COVID-19.