Skip to main content Skip to navigation
Security at WSU Phishing


Phishing is an attempt to trick you into revealing private information. Emails, texts, or phone calls can “fish” for information by trying to lure you into clicking on a malicious link or attachment, or giving passwords, credit card numbers, etc., to a malicious third party. Report suspicious emails and phishing scams to

How to recognize a phishing attempt

  • Legitimate companies do not ask for personal info via email or text.
  • Messages may appear to be from organizations you do business with.
  • Sense of urgency: Messages may include threatening statements to close an account if you fail to respond, often indicating that such threats will be executed “immediately.”
  • Obvious grammatical errors, spelling errors, and strange word choices. Messages from legitimate companies are usually written by professional communicators who won’t make such errors.

How to spot:

Sample phishing email:


  1. Sender’s email address: Official WSU communications will always be sent from a address. However be cautious, just because it does come from a address does not guarantee that it is legit either.
  2. Impersonal or awkward greeting: Most phishing emails do NOT refer to the recipient by name.
  3. Spelling: Official emails should not have spelling or grammatical mistakes.
  4. Ultimatum: Urgent warning attempts to scare you into responding quickly and without thought.
  5. WSU will never ask for your password or other personal information via email.
  6. Bogus URL: Official WSU websites will always end in Website URLs are easily obscured. DO NOT click. Instead, hover over the link to verify destination URL.
  7. Security disclaimer: This does not mean the message is genuine.
  8. No signature or contact info: Official WSU business will always include WSU phone, email, and web address.

What to do if you suspect you’re being phished:

  • If you think the message might be legitimate, or if you’re worried about the consequences of ignoring it, look up the organization independently and contact them directly.
  • Do not click on links or call phone numbers provided in the message. They may redirect you to fake sites that mimic the real thing.
  • Do not open attachments that are unexpected or from unverified sources.
  • Do not send your password via email.
  • Only sign in if you are 100% sure you are on the real site.
  • Report suspicious emails and phishing scams to