Workday goes live at the Universities of Wisconsin (UWs) on July 7. As we begin to use Workday, keep in mind that cybercriminals often target organizations that are changing systems. Other universities have seen an increase in phishing emails and scam calls with similar large-scale implementations. You can keep your information and the UWs’ information secure by watching for and reporting phishing attempts.
What to Watch For
- Carefully read the email and consider the action they are asking you to do before responding or clicking. If the request is unusual or out of context, please use the information below to review it before taking any action.
- If you are unsure about an email, verify its legitimacy with the UWM Help Desk. You can also forward the email to abuse@uwm.edu and a member of UWM’s Information Security Office will help you verify the email. Please reach out and ask; even if you aren’t sure, it is better to confirm.
- UWM Help Desk, Microsoft and Workday will never ask for a multi-factor authentication (MFA) code over the phone or through a text message.
- Do not fill out any unexpected forms that are sent to you.
- The UWM Help Desk and Universities of Wisconsin Help Desk will not contact you unless you already have a support request open with them.
- For more information about spotting phishing emails, visit the UWM Cybersecurity webpage.
Stay Secure During the Transition
- Check who’s sending: Look for subtle variations from legitimate UWs email domains and addresses.
- Be careful with links: Carefully read Workday-related emails before clicking links or attachments. Before you click, ask yourself “does this seem legitimate?” and always be intentional before taking any action.
- Use official sources and the right login page: Use official links to Workday such as the UWM Faculty & Staff page.
- Protect your credentials: Remember that your login credentials are yours alone – never share it, even with coworkers or IT staff. Legitimate support staff will never ask for your password. Never enter your credentials into links from unsolicited emails or messages
- Watch for unsolicited MFA prompts: If you get MFA prompts you didn’t initiate, don’t accept them and contact the UWM Help Desk.
- Report “phishy” email: If you get a questionable Workday-related email, report it to the UWM Help Desk or forward it to abuse@uwm.edu immediately. Do not reply or click on links.
Examples of Phishing Emails
By using Workday’s security features and following good phishing awareness practices, we can protect your data and the UW’s data during this transition. If something seems off, check with a trusted source. Security is a shared responsibility, and vigilance is key in combating cyber threats.