Questions:

What is a Phishing Email?

What should I do if I get a Phishing Email?

Answer:

Malicious phishing emails are consistently circulating email environments and despite sophisticated university security measures, they often target (and even are sent from) WSU email addresses.

Phishing emails have several distinguishing characteristics:

  • A sense of urgency to scare you, spark your curiosity, or take advantage of your compassion. Attackers often indicate your account will stop functioning if you do not comply with their requests as soon as possible.
  • Phishing emails will always ask you to do something like clicking a link, opening an attachment, replying with information, or contacting an unknown identity.
  • Obvious grammatical, spelling, or language errors and awkward punctuation, sentence structure, or capitalization errors.
  • Do not refer to you by name and use impersonal greetings like “Dear Student” or “Dear User.”
  • “To:” field is empty or says it was sent to undisclosed recipients. Cyber attackers also often send phishing emails to multiple recipients with the same first, middle, or last name.


If you receive an email with one of the above characteristics, do not click on a link or open an attachment that may be included in the message.

For assistance determining the safety and legitimacy of an email, you can always contact WSU’s Information Security Services team by forwarding the message to: abuse@wsu.edu


Never reply to a phishing email. It is important to never send your password, personal details, financial information, or verification tokens over email to an unknown sender. If you believe the message may be legitimate or are worried about the consequences of ignoring the message, please find the organization’s contact information and reach them directly.


If you clicked on a malicious link, go to https://account.wsu.edu and change your password immediately.


Keep a careful eye on your email to ensure you can send and receive messages. Often, if an account is compromised, an inbox or forwarding rule is set up to push mail out of your account. If you notice that you are no longer receiving email, your email may be redirecting to a non-WSU address. Please sign in to https://outlook.office.com with your WSU credentials and remove any forwarding rules or redirects you did not place.


Check if your email is being redirected or forwarded by a malicious attacker:

  1. Sign in to https://outlook.office.com with your WSU credentials.
  2. Click the Gear icon in the upper right.
  3. Search “forwarding” and select the Forwarding option.
  4. If you see an email address you do not recognize, delete the email address and deselect the box next to Enable forwarding.
  5. Click Save in the lower right corner.


Be sure to check your inbox rules, along with your safe and blocked senders list, for any unfamiliar email rules or addresses.