- Message About Phishing and W-2 Forms (2022)
- Secure University Data (2021)
- Scams target offsite workers and COVID-19 fears (2021)
Message About Phishing and W-2 Forms
This message was sent on 1/11/22 to all UW student employees, faculty and staff with approval from the Vice President for UW Information Technology and CIO.
This email provides important information to help you protect your UW NetID and password from phishing attacks, which increase during tax season.
How does phishing work?
Cybercriminals try to steal employee login credentials so that they can download Wage and Tax Statements (Form W-2). They then use the W-2 information to electronically file a fraudulent federal income tax return in the employee’s name. By changing the bank account number, the cybercriminals receive the refund.
Your vigilance and the UW’s two-factor authentication system play a pivotal role in protecting employee data.
How can you protect yourself?
- Be skeptical about emails that seem urgent or threaten negative consequences if you do not act.
Do not reply, click links, or divulge personal information or sign-in credentials.
Cybercriminals may use manipulative messages to heighten urgency or logos from well-known companies to trick users into clicking on links. In some cases, they may send a simple meeting reminder that leads to a fake UW web page. If you receive an email you suspect may be phishing, you can report it to email@example.com.
- The secure way to access your University of Washington W-2 is by using the “Sign in to Workday” link found on the Integrated Service Center’s (ISC) website. (Note: Children’s University Medical Group and UW Physicians employees should access their 2021 W-2s in the Automatic Data Processing (ADP) system; UW Neighborhood Clinic employees will be issued two 2021 W-2s, one for the first pay period in ADP, the second for the remainder of the year in Workday.) If you suspect you’ve received a phishing email disguised as an email from Workday, you can confirm the legitimacy of the message by signing into Workday via the ISC website and double-checking you received the same message in your Workday Inbox or your Workday Notifications.
- Do not approve unsolicited requests for two-factor authentication.
Duo is the UW’s two-factor authentication (2FA) system, which adds a second layer of security when you sign into Workday and other systems. Using 2FA prevents others from signing in as you, even if they know your password.
If you receive an unsolicited sign-in request for Duo, and you have not signed into a system that requires it, do not approve the request. If the request is a phone call, hang up without pressing any buttons. If it is a Duo Push request, press the “deny” button and you will be given a choice to report it as fraudulent so that UW Information Technology is notified. Additionally, you should immediately change your UW NetID password to ensure your account is secure.
- Opt in to use 2FA on the web.
As of August 31, 2021, all staff (except in UW Medicine) and UW Bothell faculty are required to use 2FA when signing in with their UW NetID on the web for added security. Other faculty and students can also opt in to use 2FA on the web. Find more information on the IT Connect website.
- Use anti-virus software on your computers and devices, and keep the anti-virus software updated.
Sophos Anti-Virus Software is available free of charge to all UW students, faculty and staff.
If you have any questions or concerns, please contact firstname.lastname@example.org.
Thank you for helping secure UW data.
How Can You Be Safe and More Secure Online?
This message was sent on October 19, 2021 to all UW students, faculty and staff with approval from the Vice President for UW Information Technology and CIO
October is National Cybersecurity Awareness Month, and it’s a good time to remind everyone how to be safer and more secure online.
We all have a part to play in protecting personal and UW data and using University resources appropriately.
1. Recognize phishing and scams.
Scammers commonly use phishing emails to trick you into giving them your personal information, such as passwords or credit card numbers, and they’re often successful. Be skeptical of any email that urges you to click on links or download attachments.
Phishing emails may appear to come from a recognizable person or organization, such as your supervisor, UW organizations, or the health department. Be suspicious of unsolicited job opportunities, offers of financial aid, requests to purchase gift cards or opportunities that seem too good to be true.
2. Secure your UW NetID and other accounts.
Be careful not to use your UW NetID password with any other account. Add another layer of security by using two-factor authentication (2FA) to protect your UW NetID and password online; 2FA prevents others from signing in as you, even if they know your password.
3. Secure your computer and other devices.
4. Secure UW institutional data.
Learn what types of data you are responsible for and take steps to secure data appropriately in applications. Three data classifications are defined by UW policy: UW Confidential, Restricted, and Public. Certain data types are protected by laws and regulations. Back up your data in at least two different ways, including one offline version.
5. Secure your Wi-Fi communications.
Configure your devices to use eduroam — a free, encrypted Wi-Fi network available at the UW (and at any eduroam-enabled institution throughout the world). There are instructions for how to set up your device to access eduroam on IT Connect.
6. Secure communications while working remotely.
Use a virtual private network (VPN), such as Husky OnNet, when working at home or remotely to access resources on the UW network. Take steps to secure your home Wi-Fi network by using strong passwords and the strongest encryption possible on home routers.
7. Know the rules.
State law prohibits the use of UW computing resources, tools or services for commercial or political purposes. Follow copyright laws for software, images, music or other intellectual property, such as books and videos. For more information, review the Appropriate Use web page on IT Connect.
If you have any questions or concerns, please contact email@example.com
Thank you for helping to secure your personal and UW data.
- Postcard for students: Print off this cheat sheet for quick tips for how to protect yourself online.
- Ransomware online training: Learn about a threat associated with clicking on links and downloading attachments.
- Phishing training: Review training materials and see phishing examples.
- 2FA/Duo: Find information about using 2FA on the web and setting up devices.
- Passwords infographic: Find quick tips and best practices for managing passwords.
- Sophos antivirus software: Secure work and home devices with Sophos antivirus.
- Whole Disk Encryption Risk Advisory: Find out about encrypting Mac and Windows computers and devices.
- UW Data Classifications: Learn about UW’s data classifications.
- APS 2.4: Review APS 2.4, Information Security and Privacy: Roles, Responsibilities, and Definitions
- Back up your backups: Read about strategies for creating backups for data and devices.
- eduroam: Learn about the secure, encrypted way to connect to Wi-Fi at UW and other institutions worldwide.
- Configure eduroam: Configure your device to use eduroam.
- Husky OnNet: Learn how to securely connect to UW data with UW’s virtual private network service.
- Securing Laptops Risk Advisory: Review best practices for managing UW laptops.
- Working Remotely online training: Watch this training for best practices to secure data, devices, and connections while working from home and off-campus.
- Appropriate Use: Understand your responsibilities in using UW systems and resources.
Scams target offsite workers and COVID-19 fears
This message was sent on March 17, 2020 to all UW students, faculty and staff with approval from Aaron Powell, Vice President for UW Information Technology and CIO.
We are seeing an increase in email, text and phone scams aimed at the UW community as we all adopt new applications, tools and working conditions in order to inhibit the spread of COVID-19.
Scams that exploit fears and vulnerabilities in times of change and uncertainty are continually being adapted by cyberthieves and other malicious actors who target University and personal financial information, systems and accounts.
These scammers may:
- Request that you provide your cell phone number or non-UW email address so their communications with you are outside any safeguards the University may have.
- Ask you to buy gift cards or to send or receive money advances.
- Entice you with seemingly urgent phishing messages to click on links or open documents that may lead to malware infections or the theft of your UW NetID credentials.
- Send messages that appear to be from UW employees and offices, but are actually sent from phony or spoofed email accounts.
What you can do
- Be vigilant about lures in the form of emails, phone calls and texts that attempt to inspire a quick reaction or instill fear, whether it is a request to reset your account or a warning about a current news event.
- Don’t click on links or open unsolicited email attachments without verifying that the sender is who you think it is.
- Don’t respond with personal information to emails and texts from unfamiliar numbers and senders.
- If you suspect an email message may contain malware or phishing, forward it as an attachment to firstname.lastname@example.org
- Phishing examples
- Best practices for working remotely
- More details about coronavirus-themed phishing
- Tools and best practices for working remotely on IT-Connect
If you have any questions or concerns, please contact email@example.com