By Casey Hanson, Information Services

phishing-fishing-bandit-80pA recent advisory issued by the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) warned higher education institutions about sophisticated phishing attacks (malicious emails) that target university employees’ credentials to access payroll information.

The attackers are closely researching institutions’ systems and practices to impersonate emails and web portals to trick users into providing account names and passwords to access universities’ and colleges’ payroll information.

This is particularly important during both calendar and fiscal end of year financial wrap ups, beginning of year start up and anytime there is any planned mass salary increase to be distributed to employees’ salaries—and WSU employees and students are always encouraged to be alert to this kind of malicious email activity.

While WSU has mechanisms in place to defend against phishing attacks, no system is infallible. Increased vigilance among users has been proven to be the best defense and the first step toward prevention.

Here are some specifics regarding this exploit to help protect yourself and WSU:

  • Be cautious of links in email, use mouse hover (but DO NOT CLICK) to view actual web address to see where it is originating; if it looks suspicious, it probably is.
  • Messages may appear to originate from WSU, when in fact they are not.
  • Message may include subject lines such as:
    • Your Salary Review Documents
    • Important Salary Notification
    • Your Salary Raise Confirmation
    • Connection from unexpected IP
    • RE: Mailbox has exceeded its storage limit.
  • Malicious links contained in these emails direct victims to webpages controlled by the attackers that look nearly identical to WSU legitimate login portals.
  • University images could be used within email text.
  • Use of the “salary increase” approach seems to coincide with end of the fiscal year and/or when universities announce that there will be a salary increase at the beginning of the calendar or fiscal year.
  • Victims have reported receiving an email claiming to be from the university’s HR department referencing a change in salary. A link is provided to review salary change information.
  • Users should be cautious when accessing email and never send account information to others, especially via email. This includes login/username and password credentials. In addition, any time an email link leads to a web page that asks you to log in, users should be extremely cautious and carefully verify that the web address is legitimate. If there is ever any question as to the legitimacy of the link, users should open their browser separately and go directly to the organization’s website without clicking on the link in the email.


These types of attacks appear to be well planned and highly orchestrated, as they very closely mimic university images, web addresses, and are often sent during faculty and staff review periods.

If you receive a suspicious message please forward the email to WSU Information Technology Services Help Desk at and delete the email.

If you suspect you have been a victim of a phishing scam and you provided any information of a sensitive nature, please report it to You may need to be on the alert for evidence of identity theft and related financial fraud.

Additional details located: