Today, Information Security Services issued an URGENT Alert.
There is a large-scale campaign to compromise WSU email accounts.
Within the last week, attackers have engaged in a campaign to impersonate WSU information technology staff while contacting faculty, staff, and students via email and text messages asking to validate accounts and threatening to deactivate WSU accounts otherwise.
Those who fall for this attack are directed to a fake login page where their username and password is stolen, and then the attackers request the Multi-Factor Authentication (MFA) code in order to bypass that secondary layer of security protection.
Never disclose usernames, passwords, or MFA authentication codes to anyone requesting them via email or text message. WSU information technology services does not “check for active accounts” by emailing or texting account owners, and will never need your MFA authentication for it.
If you are contacted by anyone asking you to verify your WSU account by logging in, providing your Multi-Factor Authentication code, or both, do not engage with these individuals, report the incident to information security services at abuse@wsu.edu.