Washington State University Information Technology Services is experiencing an increase in malicious phishing email campaigns. You may receive emails from someone impersonating a member of your team or a higher level university staff or faculty member. The emails often contain a question asking if you are available to complete a task for them. Additionally, the sender may state that they are in a meeting and cannot take a phone call in an attempt to prevent you from calling to confirm. The sender may express a sense of urgency in order to prevent you from noticing that the message is a scam.

The sender is counting on the recipients to feel obligated to assist an authority figure without verifying the identity of the sender. If a recipient replies to the message, the sender will request that the recipient use personal funds (with a promise of reimbursement) to purchase gift cards, often in large amounts, take photos of the card information, and send them via email or cell phone messaging. This is the most common request, but is not the only request that may be made.

If you recognize an email as a phishing attempt, please report it to the university email abuse queue [abuse @ wsu.edu].

If you are uncertain about the validity of an email, contact the sender via another method besides email.

How to recognize phishing emails:

• The sender email address is not familiar, especially those from Yahoo, Gmail, Hotmail, and other free services, or the domain attempts to appear reputable, but doesn’t look right, such as “apple-billing.com.”
• Hovering over a link in the email message goes to an unusual or unreadable destination, or the destination has a different address than what is displayed in the email (this should be an immediate indicator that the email is malicious).
• The email contains attachments that you were not expecting, is a dangerous file type, and/or doesn’t have anything to do with the email subject.
• The email has obvious grammatical errors, misspellings, or attempts to force a sense of urgency about an action such as opening a link or attachment.

This notice is a service of Information Technology Services. The intent of this message is to inform network users of immediate information security threats with the intent to increase security awareness.

If you have any questions, please contact the Crimson Service Desk at: crimsonservicedesk@wsu.edu