Phishing campaign spoofs SecureAccess Washington (SAW)

Home » Phishing campaign spoofs SecureAccess Washington (SAW)
Release Date: 
05/27/2021

Washingtonians who use the SecureAccess Washington (SAW) portal to access state services should be on the lookout for phishing texts that target SAW users to steal credentials and personal data.

WaTech’s state Office of Cybersecurity (OCS) has observed spoofed phishing texts containing messages such as: “Your SecureAccess Washington (SAW) claim account is currently on hold for verification, please verify by following the instruction in the link below.”

If users clicked on the provided bit.ly link, it took them to a page asking for their username and password. If credentials were entered, users were asked for their Social Security number, driver’s license number and mother’s maiden name and redirected to the state Employment Security Department SEAP site.

OCS, working with the registrar of the webpage, was able to shut down the site that was harvesting user credentials. However, it is possible that threat actors could launch new attacks.

SecureAccess Washington will never send unsolicited emails or texts requesting verification of their accounts. SAW only sends emails and texts at the request of users. Please remember: Never click on links or open attachments from unverified sources.

For your awareness, here's a screenshot example of the spoofed text messages that were being received as part of the phishing campaign.