PULLMAN, Wash. – Information Services is alerting students, faculty and staff to a new phishing email circulating the WSU system this one pretends to come from the WSU HR Office.
This is a fraudulent email and individuals should not respond or click on any of the links. The email message shows as from “administrator@wsu.edu” with the subject line “To All Employee’s- Important Address UPDATE” and contains the following text, including typos:
“To All Employee’s:The end of the year is approaching and we want to ensure every employee receives their W-9 to the correct address.Verify that the address is correct – [URL removed for security] If changes need to be made, contact HR at [URL removed for security]. Administrator,http://wsu.edu
To All Employee’s:
The end of the year is approaching and we want to ensure every employee receives their W-9 to the correct address.
Verify that the address is correct [URL removed for security]
If changes need to be made, contact HR at [URL removed for security] Administrator, http://wsu.edu ”
Here’s what to do
If you do not reply to the email, then you are fine; there’s nothing more you need to do. If you did click on the link, but didn’t enter any personal information, (such as your Network ID or password), then the phishers will not have your account information, and there’s nothing more you need to do.
However, if you responded to the phishing email and entered your Access ID or Network ID and password or any other personal information, the phishers will have collected that information. The IS Security Office recommends that you immediately change your password and contact the IS Help Desk at 509-335-4357 or helpdesk@wsu.edu.
How to spot a phishing email
Review and compare the “from” email address. Do you recognize it and does it match the company or entity referenced in the body of the email? If not, be suspicious.
Is there a link/URL embedded within the email asking you to click on it? Be wary, it will probably ask you for your login and password or it may even download malware onto your computer.
Phishers are getting very tricky mimicking official organizations, be cautious of any email asking you to click on a link or to supply your login and password.
Never respond
The IS Security Office recommends that you never respond to requests for personal information that may be contained in suspicious emails, voice messages, or text messages. It is best to assume any solicitation of personal information employing fraudulent methods, is not authentic.
Phishing is the act of attempting to acquire information such as usernames, passwords, and/or credit card details by masquerading as a trustworthy entity in an electronic communication.
For further assistance or questions please contact your departmental IT support staff or the Help Desk at 509-335-4357 or helpdesk@wsu.edu.