Mandatory Information Security Training for Faculty, Staff and Medical Students

In an effort to improve our WashU Information Security cyber defenses, we want to highlight a common cyber-attack that everyone should be aware of – phishing. In FY17, WashU detected and investigated 125 phishing campaigns targeting WashU email users. A total of 85 accounts were compromised and required a password reset. So far in FY18, the Information Security Office has detected and investigated 50 phishing campaigns that resulted in 128 password resets.

What is Phishing?

“Phishing” is the most common type of cyber-attack that affects organizations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information or bank account details, resulting in identity theft and financial loss. Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you—the WashU community—to be our first line of defense.

Action Required

The WashU Information Security Office has launched an email safety phishing training module in Learn@Work. The training focuses on identifying types of phishing schemes, recognizing the warning signs of scams, and knowing who to contact if things seem “phishy”.

Today, WashU email users can access the mandatory email safety training in Learn@Work. The training will take approximately 10 minutes to complete. All current WashU faculty, staff and medical students are required to complete the training by December 31, 2017. This training will be a new requirement for all new faculty, staff and students going forward.

Quick Links

To learn more about phishing, please visit our website or watch this video.

To access the email safety training, please click here.

Have Questions?

Email us at

We appreciate your help in keeping our network, and WashU community, safe from these cyber threats.