Bad actors are spoofing SecureAccess Washington (SAW)

Example of fake page
Example of spoofed page

Washingtonians who use the SecureAccess Washington (SAW) portal to access state services should be on the lookout for spoofed (fake) internet ads that pretend to be government links to SAW.

WaTech's state Office of Cybersecurity (OCS) has observed fake sponsored ads on search engines with links such as SecureAccess – Washington and as SecureAccess Washington – login.

If users click on the ad, it takes them to a page that looks like a legitimate government website asking for their username and password. If those credentials are provided, bad actors can then potentially use that information to access user accounts at state agencies.

One indication that the links are fake websites is they do not have a .gov address but instead have URLs such as “wasecuracces.com” or “washingtonst.net.”

To avoid becoming a victim, be skeptical of all links on the internet even if they look official. When going to a government agency website, make sure it has a .gov address. The only correct SAW address is https://secureaccess.wa.gov.

When searching for SecureAccess Washington on the internet, the legitimate results should look like this (notice the correct URL under the header):

URL search