Phishing, spoofing, and spam, oh my!

Due to increased hacking attempts aimed at WSU’s fiscal system, an advisory was sent out to personnel who work with electronic payments. That said, this is good information for everyone.

Here’s an excerpt from the advisory email:

In light of recent increased attempts, attached please find an example of a common theft tactic in which an anonymous party utilizes familiar language and presentation to gain access to financial resources from unsuspecting WSU parties, along with recommended email filtering steps from the WSU Information Security team.

The biggest red flag to spot immediately is that the originating email address is not from WSU. However, in the rush to meet needs, an employee may miss this key detail.

  • Train fiscal and administrative support staff to:
    • Watch for originating email coming from outside WSU.
    • Watch for unusual language from someone with whom they work.
    • Is this an unusual or out of character request to receive? (WSU payment processes are not followed properly, expedited payment request, large payment amount, etc.)
    • Always verbally confirm any unplanned payment request, including:
      • Does the request have an invoice?
      • Does it reference a Purchase Requisition?
      • What pay method are they requesting? (Wires are a popular theft method due to speed and difficulty tracing recipients.)
    • Always verbally confirm any payment request that raises doubt, even if it looks authentic.
    • Do not respond to the email if you discover attempted fraud. Always report it to abuse@wsu.edu and let them manage from there.

Today’s online predators can be very sophisticated and determined in their language and their skills.  Please share this with all appropriate staff in your areas and provide ample training opportunity and discussion to protect your employees and WSU from these scenarios.

The ITS security team is glad to assist with any questions directed to abuse@wsu.edu.

Thank you,

Jacqueline Southwick

ITS Communication Coordinator | jsouthwick@wsu.edu

In addition to this advisory, here are a couple of attachments that went out with the email. The first is an example of a fake request for funds transfer. The second one is a list of ways to set your email security filters in Outlook for Windows and Mac. (I’ve posted similar previously, but this is a good reminder.)

Scam Example

Email Security Recommendations