Note: This is a printed version of https://isc.uw.edu/using-workday/anti-phishing-precautions-for-workday. Please visit this page on the ISC website to ensure you're referencing the most current information.
Phishing scams are an unfortunately routine part of life. With UW employees becoming increasingly familiar with receiving Workday notices and following links included in important communications, here are a few important reminders:
1. The most secure way to navigate to Workday is by using the “Sign in to Workday” link found at the top of this page (and every other page on the ISC website).
We suggest using this link when you need to access Workday, or if you are ever worried that you are seeing a phishing email disguised as an email from Workday. Any communication that arrives from Workday in your email inbox (eg, Outlook) will also always be found in your Workday Inbox or your Workday Notifications (use the Cloud icon).
2. You will always be asked to log into Workday with your UW NetID and password – if you’re not asked to log in using your UW credentials, do NOT trust that link.
If you followed a Workday link in an email you received, but the login screen for your UW NetID and password doesn’t appear, we recommend closing out of your web browser immediately. You can then log into Workday from the “Sign in to Workday” link to confirm the message as outlined above.
3. You will always be asked to log into Workday using two-factor authentication (Duo/2FA) – if you do not have to use your 2FA device to complete your sign in, do NOT trust that link.
Using 2FA is how you know your private information is secure. When accessing Workday, 2FA adds an extra layer of security by asking you to assert your identify a second time, using a method or channel (for example, a cell phone) to which the phisher/scammer does not have access. If you do not need to “approve” a “login request” using your designated 2FA device, we recommend closing out of your web browser immediately. You can then log into Workday from the “Sign in to Workday” link to confirm the message as outlined above.
If you are ever concerned about the authenticity of a message that appears to be from the ISC, please feel free to contact us to confirm we sent the email – we are happy to help!