Threat actors spoof SAW email in attempt to steal credentials

WaTech's state Office of Cybersecurity is receiving reports of fake SecureAccess Washington (SAW) phishing emails that attempt to trick people into providing their account credentials.

In the example below, users are told they have 24 hours to correct inaccurate information or their SAW account will be restricted.

SAW administrators will never send an email asking users to verify details in their account or threaten account suspension. They also will never ask for a user's password.

Phishing emails are increasingly sophisticated and hard to detect. They may appear to be from people or organizations you know and trust. They may even contain information from previous email threads so that the message appears to be part of a continuing conversation.

General tips to avoid becoming a victim:

  • Be suspicious of any emails that urge you to take action and try to create a sense of urgency.
  • Never click on links or open attachments until you have verified the email is legitimate.
  • To verify an email, call the sender at a phone number you have looked up independently.
  • Never call a phone number included in a suspicious email or reply to the sender.

Common types of attachments seen in phishing campaigns:

  • Malicious files with innocent names, such as "invoice."
  • Compressed or .zip/.rar files that can fool your anti-virus if it cannot inspect the files.
  • Office products such as Excel and Word can have malicious macros (programs that run inside of programs).
  • PDF files may have a malicious link or a macro embedded.
  • Files that emulate a DVD drive or a USB drive (extension .iso, .ism) can be used to automatically run a script once opened.

If you are a state employee and receive a suspicious email at work, please contact your information technology (IT) security staff immediately. For more information, please see the Federal Trade Commission's site on phishing emails.

Phishing email example