Protect yourself from phishing and other scams

ISSUE:

This message was sent on 2/4/2019 to all WWU email accounts as a friendly reminder that phishing emails can get through our spam filtering systems. Phishing emails are designed to install malware (e.g., spyware, viruses, keyloggers) and/or trick people into providing personal and private information -- often requesting usernames and passwords.

 

To complicate detection, scammers are frequently sending emails that appear to be from a trusted sender like a university office, administrator, faculty, colleague, or legitimate organization. This “spear phishing” often targets a specific organization or individuals. These email messages are more sophisticated than general phishing and often appear realistic because they may include official looking logos and show an understanding of university or other organizational processes.

 

ACTION REQUIRED:

Continue to educate yourself on identifying fraudulent emails, do not provide your login credentials if an email asks for your password, and think before you click.

 

The Help Desk webpage (https://atus.wwu.edu/kb/phishing-how-protect-yourself-fraudulent-emails) has more information to help you identify and avoiding phishing scams, including examples of common scams. If you are concerned about clicking the link (good for you). You can also access this page by visiting the ATUS website (atus.wwu.edu), clicking on the Security button, and looking for the Phishing Scams section.

 

ADDITIONAL INFORMATION:

Phishing email messages are designed to look legitimate. You can help protect yourself by following these tips:

  • Do not share your personal information electronically (e.g., passwords, PINs, security questions/answers, banking/account numbers, etc.). While Western will never directly ask for personal information in an email message – we do use systems that will often send email with hyperlinks that require sign-in (example: eSign, OneDrive, etc.) – caution should be exercised anytime you click on any link in an email. Remember that the return address on a message can be "spoofed". This means that that the address you initially see may not actually be the source of the message. 
  • Do not open email attachments unless you requested it or are expecting it. Just knowing the sender (or thinking you know the sender) does not make the attachment safe.
  • Do not click on links in a message unless requested by you or expected. Links often point to malicious code that could install malware on your computer.
  • Be on the lookout for subtle language clues. Often these messages will use language constructs that are not typical. 
  • If you have any questions about the content or instructions in a message you should always contact the source of the message. Checking a web page, making a phone call, or creating a new message is always safer than replying to a questionable message.
  • If you have responded to a message with your username and password or other personal information, you should immediately change your password and security questions/answers, and contact the ATUS Help Desk at x3333 or your local technology support staff.

 

If you have questions or concerns, please contact the Help Desk at 360.650.3333 or helpdesk@wwu.edu, your departmental tech support staff, or Western’s Information Security Office: InfoSec@wwu.edu