A newly discovered cyber scam targeting WSU employees has prompted university officials to urge everyone with direct deposit arrangements to immediately verify their bank account information on file with Workday is still accurate.
Using an email scam known as a phishing attack, con artists tricked several WSU employees into divulging their WSU network credentials, then illegally accessed Workday and changed the direct deposit information on file so paychecks were instead sent to the criminals’ bank accounts.
WSU Police are working with federal authorities to investigate.
“This is a serious scam,” said WSU Police Chief Gary Jenkins. “It is important that all employees look at their bank information in Workday before the end of day on Tuesday, July 2, to make sure it hasn’t been illegally changed.”
Here’s how to check:
- Log in to your Workday account.
- Type “payment elections” into the Workday search bar.
- Click on the “payment elections” report option to access current direct deposit information for both payroll and expense reimbursements.
- Under the “accounts” section, select “view” and review all of the banking information to ensure accuracy, including: account type, routing transit number, bank name, account nickname and the bank account number. Only the last four digits of the bank account number will be visible.
Although the next payday isn’t until July 10, it’s this week’s July 2 pay lock date that determines where direct deposits will be sent.
If you discover any banking information has been changed without your knowledge, re-enter the correct information and alert the university at incident.notification@wsu.edu. WSU Police also ask that you contact Corporal Erik Welter at erik.welter@wsu.edu or 509-335-4381.
The university is asking supervisors who manage student employees to make sure they have received this information as well.
To best support WSU’s technical security, Information and Technology Services again urges greater use of the mobile Okta Verify application for the multifactor authentication push confirmation option by individual users. This completes required authenticity verification of any Workday log-in attempt. Under the Okta Verify option, a query is sent to an employee’s mobile phone whenever there’s a log-in attempt and it must be verified as authentic via a yes or no response before access is granted.
Also, the university strongly encourages employees to immediately discontinue all use of voice call and text/SMS multifactor authentication ahead of anticipated removal of those MFA options.
More information about protecting yourself against cyber scams targeting WSU can be found on the ITS website. Additionally, employees should complete the university’s cyber security training in Percipio.
Employees should always forward any suspicious emails they receive to abuse@wsu.edu even if they’re uncertain whether it’s a scam or not.
