Phishing & security awareness

C&IT is committed to keeping the Wayne State community safe online. Follow our tips to be #WarriorSecure.

Recognize, report, delete 

Be aware of phishing emails impersonating Wayne State University departments. 

  • Wayne State will never ask for payment, banking details, or other personal information via email.
  • Wayne State and/or C&IT will never email you to verify your account or password. Your AccessID and Wayne State accounts are based on your current student, faculty, or staff role.
  • Never share your password or multifactor authentication PIN.

Compromised accounts are the biggest contributor to phishing scams, and it is essential that all of us can correctly recognize these fraudulent messages, report them to the appropriate authorities, and delete them from our environment.

Red flags

Be on the lookout for the following red flags and report all phishing messages by using the tools in Outlook. Reporting helps us stop the message from spreading further across campus, and using the built-in tool includes important reporting details that are not included when messages are forwarded.

Red flag: Compromised account(s)

  • Description: Stolen @wayne.edu email addresses that are used to send malicious messages under the guise of a trusted community member. All it takes is one compromised account for a phishing scam to spread like wildfire.
  • How to spot it: Just because an email comes from another @wayne.edu email address does not mean it is safe. Once one account is compromised, it can then be used to target even more users. Always verify messages by contacting the department if you’re unsure. Official university email communications are sent from departmental addresses, not personal accounts. For example, you will never receive a legitimate message from the Dean of Students Office via a student, faculty, or staff member’s individual email address.

Red flag: Spoofed account(s)

  • Description: Non-Wayne State email addresses that are designed to trick you into thinking they are associated with the university.
  • How to spot it: Before acting, look at the address an email came from and check for spoofs like cithelpdesk@google.com, wsupresident@yahoo.com, or provost@hotmail.com.

Red flag: Personal info request

  • Description: Demands for information via email or text message.
  • How to spot it: Messages that want you to provide your password or multifactor authentication number to verify your account or share banking information. Wayne State will never ask you to do this.

Red flag: Pressure and/or urgency

  • Description: Messages that use emotional manipulation or threats to get you to make immediate changes to your account.
  • How to spot it: Messages that use blackmail or the threat of losing your account to force you into immediate action. Your Wayne State account is based on your current role at the university. If you are currently enrolled in courses, teaching, working, or conducting research, you will have access to the tools you need and do not have to prove use of your account.

Red flag: Too good to be true job offers

  • Description: Messages offering large sums of money for simple tasks.
  • How to spot it: Emails are staged as from university personnel looking for someone to walk their dog or assist with other simple tasks for amounts like $500/week. These scammers are hoping you will provide personal information in hopes of getting these cushy fake positions. Student employment opportunities are available through Handshake and Career Services.

Red flag: Non-wayne.edu links and/or faux login pages

  • Description: Fake login pages made with Google, Wix, or other free website builder tools.
  • How to spot it: Fake login pages that look like the real thing are used to trick you into giving away your password. Only follow wayne.edu and verified and/or trusted vendor links from an email. Go directly to login.wayne.edu to access university resources. If you are unsure of where a link in an email is going to take you, hover over the link with your cursor to see the destination site address.

Red flag: Obvious errors

  • Description: Spelling, grammar, and institutional identities.
  • How to spot it: Messages with missing words, content that has obviously been copied and pasted, or school/college/division names and contact information that is not consistent with the language used on wayne.edu.
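
For readers who triage reported messages, the sender and link checks described in the red flags above can be written as code. This is an added example, not a C&IT tool: the function names and the sample message are constructed, and it assumes wayne.edu is the only trusted domain (trusted vendor domains would have to be added by hand).

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "wayne.edu"  # assumption: the only domain trusted by default

def host_is_trusted(host: str) -> bool:
    """True only for wayne.edu itself or a genuine subdomain of it.
    A substring test would wrongly accept login.wayne.edu.example.com."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def sender_domain(from_header: str) -> str:
    """Domain of the real address, ignoring the display name shown to the user."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def link_host(url: str) -> str:
    """Host the browser would connect to, i.e. what hovering over a link reveals."""
    return urlsplit(url).hostname or ""

def red_flags(from_header: str, body: str) -> list[str]:
    """List the sender and link red flags found in one message."""
    flags = []
    domain = sender_domain(from_header)
    if not host_is_trusted(domain):
        flags.append("sender not @wayne.edu: " + domain)
    for url in re.findall(r"https?://[^\s<>]+", body):
        host = link_host(url)
        if not host_is_trusted(host):
            flags.append("non-wayne.edu link: " + host)
    return flags

# Constructed sample: the display name looks official, the address and links are not.
SAMPLE_FROM = '"C&IT Help Desk" <cithelpdesk@google.com>'
SAMPLE_BODY = """Verify your account today:
https://login.wayne.edu.example.com/signin
https://wayne-login.example.org/
https://login.wayne.edu/
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_FROM, SAMPLE_BODY):
        print(flag)
```

A message sent from a compromised @wayne.edu account passes the sender check, which is why an @wayne.edu address alone does not make a message safe.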

 

The difference between phishing and spam

Unwanted emails from unknown senders typically come in two forms—spam and phishing (scams). It's important to know the difference and report malicious scam emails when necessary.

Phishing (scam)

Phishing emails or scam emails are targeted attempts to get your account and personal information.

  • If you receive an email like this, do not respond and report it immediately by forwarding it to abuse@wayne.edu.
  • Contact the C&IT Help Desk immediately if you are a victim of a phishing email.
  • If you provided money or your social security number, file a report with your local police department.

Spam

Spam emails are junk mail like bulk advertisements and newsletters that clog up your inbox.

  • These can come from businesses you have purchased from in the past or cold-call marketers.
  • Block them by using email filters and marking emails as spam.
  • You do not need to report spam emails.

How to protect yourself

Use email quarantine

Email quarantine is a security feature in Wayne State email (Outlook) that isolates potentially dangerous messages in a space separate from the main email inbox. The tool uses Microsoft Defender to protect users from phishing messages. Emails in quarantine are available for user review, where they can either be requested for release (trusted and wanted messages) or blocked (unwanted or harmful).

Create a strong password

Passwords are our first line of defense against attacks. Use Wayne State's Strong Password Standard to protect yourself.

  1. Do not use the same password on all accounts. If your only password gets stolen, hackers have access to every account you use.
  2. Password length trumps password complexity. Use long, nonsensical phrases, which are easier to remember than complex characters and numbers. 
  3. If your AccessID password is 14 characters or longer, you won't need to change your password unless your account has been compromised.
  4. Use a password manager like LastPass to safely keep track of your accounts.
  5. Set up a recovery email address in case you forget your password.
  6. Many banks and credit card companies offer dark web monitoring. Check with your bank for more information.

Secure your home internet

Wayne State employees can take steps to protect institutional data when working via a remote internet connection.

  • Avoid sharing computers with other family members, especially if you are an employee using a university-owned computer.
  • Enroll your devices in automatic updates to ensure they have the latest software to protect them from security problems.
  • Whenever you work over public Wi-Fi, connect to the Wayne State VPN to protect your data.
  • Windows users can use Windows Security to identify any problems with their devices.

Additional resources