Employees should again check their direct deposit information in Workday and all WSU students, faculty, and staff are strongly advised to begin switching now to the Okta Verify mobile application as their primary multi-factor authentication (MFA) tool.
Additional victims of a cyber scam that involves tricking WSU employees into divulging their WSU network credentials have been discovered. After gaining access to the employees’ Workday accounts the con artists switch the bank deposit information so automatically deposited WSU checks go to them instead.
Investigations are underway and any unauthorized changes should be reported to WSU Police.
Meanwhile, the university also is reminding employees they are responsible under WSU policy for safeguarding the secrecy of their authentication credentials such as passwords. Additionally, all employees are required to complete annual cybersecurity training.
Here’s how to check your bank deposit information:
- Log in to your Workday account.
- Type “payment elections” into the Workday search bar.
- Click on the “payment elections” report option to access current direct deposit information for both payroll and expense reimbursements.
- Under the “accounts” section, select “view” and review all the banking information to ensure accuracy, including: account type, routing transit number, bank name, account nickname and the bank account number. Only the last four digits of the bank account number will be visible.
“No one affiliated with WSU should ever ask you for your WSU password, ask you for a passcode, or ask you to authorize an Okta request on their behalf,” states Tony Opheim, WSU Vice President for Information Technology Services and Chief Information Officer. “If you receive a request for your password, passcode, or to approve an Okta request you did not initiate, please report immediately to abuse@wsu.edu or call the Crimson Service Desk at 509-335-4357.”
If you discover any banking information has been changed without your knowledge, re-enter the correct information and alert the university at incident.notification@wsu.edu.
The university is asking supervisors who manage student employees to make sure they have received this information as well.
To best support WSU’s technical security, Information and Technology Services again urges greater use of the mobile Okta Verify application for the multifactor authentication push confirmation option by individual users. This completes required authenticity.
verification of any Workday log-in attempt. Under the Okta Verify option, a query is sent to an employee’s mobile phone whenever there’s a log-in attempt and it must be verified as authentic via a yes or no response before access is granted.
Also, the university strongly encourages employees to immediately discontinue all use of voice call and text/SMS multifactor authentication ahead of anticipated removal of those MFA options.
More information about protecting yourself against cyber scams targeting WSU can be found on the ITS website.
Employees should always forward any suspicious emails they receive to abuse@wsu.edu even if they’re uncertain whether it’s a scam or not.
