Alerts

Last Updated:
Status: Active Severity: Minor

Exercise caution before installing free apps from the internet.  Apps that appear safe, like Doc-to-PDF converters, may contain malware that can hijack your web browser, steal your passwords, and redirect you to malicious websites.  If you need software to perform a particular action, please contact the Help Desk or Software Services for advice before downloading anything -- an officially-supported Western option may be available.

Last Updated:
Status: Resolved Severity: Minor

The WA State Office of Cybersecurity warns of an increase in tax-related cyber scams, including:

  • AI-powered phishing campaigns: Cybercriminals are using artificial intelligence to generate realistic, personalized emails that mimic official IRS or tax preparation communications.
     
  • Deepfake voicemail and phone scams: Scammers have adopted voice-cloning technology to leave voicemails or make live calls posing as IRS agents or legal representatives.
     
  • Fake tax filing websites: Entire websites are being created to impersonate well-known tax services. These fraudulent platforms use professional design, stolen logos, and even customer service chatbots to convince users they’re legitimate.
  • Cryptocurrency refund scams: This year, scammers are targeting younger taxpayers and crypto enthusiasts with fake promotions offering “faster tax refunds” in cryptocurrency.
     
  • Refund diversion schemes: Once scammers gain access to a taxpayer’s personal information, they may file a fraudulent return and redirect the refund to a temporary bank account they control. Victims often only find out weeks later, after the IRS notifies them that their taxes have already been filed.

The state's Top 5 tips to avoid tax scams are:

  1. Use a trusted, verified tax filing service: Stick with well-known tax software or reputable professionals.
  2. Be skeptical of emails, calls, and texts: The IRS will never email, call, or text you to ask for personal information or payment. If you receive a message about your taxes, don’t click or respond. Go directly to IRS.gov or contact your tax preparer through a well-known, secure channel.
  3. Enable Multi-Factor Authentication (MFA): If your tax preparation software, email, or cloud storage offers MFA, turn it on. Even if scammers get your password, they won’t get access without your second verification method (like a code sent to your phone).
  4. Shred, Don’t Toss: Tax documents often contain Social Security numbers, income data, and other personal info. When eliminating old tax records, never throw them in the trash without shredding them first.
  5. Check Your IRS Account: Visit the IRS online account portal to check for suspicious activity or previously filed returns you didn’t authorize. It’s free, secure, and another way to keep an eye on your tax status.
Last Updated:
Status: Resolved Severity: Major

WWU has received thousands of malicious emails in the last two weeks from multiple Gmail addresses claiming to offer a BankMobile Financial Aid refund.  These emails contain Word documents with a link to a web form designed to steal your username and password.  

WWU will never send you official email about your financial aid from a Gmail address.  If you receive these emails, please report them as Phish following the instructions here: Phishing: How to Protect Yourself from Fraudulent Emails | ATUS | Western Washington University.

If you fell for this scam and were tricked into giving up your username and password, please contact Information.Security@wwu.edu for assistance.

Last Updated:
Status: Resolved Severity: Major

Western has been receiving phishing emails asking you to "validate active accounts" or saying you have two different logins and you need to reconcile them.  NEVER respond to such emails.  Someone is trying to steal your username/password  Instead, go the the ATUS website and follow their directions to change your password.  You may also receive phishing emails from internal users who have had their accounts compromised.  See the images below.

Original Google doc page from a link inside of an external phishing email:

Phish to Google Doc

 

Phishing emails from legitimate internal users:

Phish from internal compromised user

 

Last Updated:
Status: Resolved Severity: Minor

Western has been receiving robo phone calls from a spoofed Western phone number.  This means that though the call originated outside of Western, it appears to be from Western.  The number we are currently seeing is (360) 650-7929, but this may change over time.  There is not much Western can do to prevent these calls at this time, so your best strategy is to decline the call and let it go to voice mail.

Last Updated:
Status: Resolved Severity: Major

Western has been receiving phishing emails from compromised SharePoint and OneDrive sites, saying someone has shared a file with you.  Unless your are expecting a file to be shared with you, and know the person sharing the file, do not try to open it!  You may be prompted to enter your credentials, and your identity will be stolen.  Please also sign up for multi-factor authentication to better protect your identity.

Image removed.

Last Updated:
Status: Resolved Severity: Major

Western has been receiving a large number of "pet sitting" scam emails.  If someone sends an offer of a pet sitting job, even if it appears to be the email address of a Western community member, it is likely to be malicious.  Below is an example of one sent 11/30/2021:

Pet sitting scam email
Last Updated:
Status: Resolved

Western users have been receiving many emails sent from Google, SharePoint and OneDrive that contain links to files infected with malware.  If you click on the links, your workstation may be infected with malware and your credentials (username/password) may be leaked to the hacker.  To protect yourself, do not click on a link unless you are expecting a file and know the sender.  Below is an example of an email with a malicious sharing link.

Malicious email image
Last Updated:
Status: Resolved

Western's Information Security Office (ISO) has found several personal devices on our network being used for cryptocurrency mining.  According to the federal Cybersecurity and Infrastructure Agency, "Cryptocurrency mining, or cryptomining, is the way in which cryptocurrency is earned. Individuals mine cryptocurrency by using cryptomining software to solve complex mathematical problems involved in validating transactions. Each solved equation verifies a transaction and earns a reward paid out in the cryptocurrency."  

Cryptomining takes enormous compute power.  To earn money, malicious actors have developed malware that can infect your system and use it for cryptomining unbeknownst to you (cryptojacking).  You may find your system performance degraded, your system crashing, or hardware components failing.  To ensure you are not a victim, make sure you take the normal precautions of keeping your system patched, ensuring up-to-date malware protection software is installed, and never clicking on links in emails unfamiliar to you.  Also, sign up for Western's multi-factor authentication (MFA).

Lastly, realize that if you are purposely cryptomining at Western, you are violating our Computer Use Responsible Computing policy.

Last Updated:
Status: Resolved

Western has been experiencing retirement scam emails.  Be aware that any information about retirement should come only from Western HR.  Please contact the Washington State Department of Retirement Systems directly if you have any questions about your retirement.

Retirement Scam Image