March 2019 Security Alert! Email phishing campaign utilizes malicious attachments

3/8/2019: The Washington State Office of CyberSecurity (OCS) has released a special advisory to alert state employees about an email phishing campaign that uses malicious file attachments (including Word documents) to install malicious software and to trick recipients into providing their credentials. Emails from this campaign often have the following characteristics:

The message may appear to come from a WWU employee

The message may appear to come from an address at Western Washington University (or another state agency), but the email address will be from a free account such as Gmail or Outlook.com.

  • The sender may look like John.Doe@wwu.edu, but the email address the message is sent from will actually be John.Doe@gmail.com.
  • The signature block in the email message body may have the employee's real @wwu.edu address.

Known Email Subjects

  • Transaction
  • Invoice
  • John Doe has sent you a Secure Message

Attachments or links

  • May include a malicious Word document attachment
  • May include a link labeled "Get Secure Message"

Stay safe by following these tips

  • Verify that emails, especially those with links or attachments, actually come from the email address claimed in the message body. Look at the sender on the FROM line and make sure it is not a Gmail.com or Outlook.com address when it should be an @wwu.edu address.
  • Do not open Word documents from unexpected sources. Even if you recognize the sender, be suspicious if they send you an attachment you did not expect. When in doubt, contact the sender by phone or in person to verify the authenticity of the email and attachment.
  • If you think an attached Word document is expected and safe, but you aren't sure, open it using the Outlook Preview Mode. The Preview Mode does not execute the malicious scripts embedded in Word docs from this particular campaign. You can also safely download the document and scan it with antivirus software before you open it in Word.
  • Do not enable Word macros when opening a document unless you know it is from a trusted source.
  • Learn to recognize other types of phishing.
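
For mail administrators, the sender check from the first tip can be automated together with the subject and attachment traits listed above. The following Python sketch is an added example, not part of the OCS advisory or any WWU tooling; the `WORD_EXTS` list, the indicator names and the sample message are assumptions constructed for illustration.

```python
from email.headerregistry import Address
from email.message import EmailMessage

# Domain, free-mail providers and subjects are taken from the advisory text.
ORG_DOMAIN = "wwu.edu"
FREE_MAIL = {"gmail.com", "outlook.com"}
KNOWN_SUBJECTS = ("transaction", "invoice", "has sent you a secure message")
WORD_EXTS = (".doc", ".docx", ".docm")  # assumption: extensions treated as Word

def campaign_indicators(msg: EmailMessage) -> list[str]:
    """Return the advisory's traits that a parsed message exhibits."""
    hits = []
    frm = msg["From"]
    sender = frm.addresses[0] if frm is not None and frm.addresses else None
    free_sender = sender is not None and sender.domain.lower() in FREE_MAIL
    org_tag = "@" + ORG_DOMAIN
    # Trait 1: display name shows an org address, real address is free mail.
    if free_sender and org_tag in sender.display_name.lower():
        hits.append("display-name-claims-org-address")
    # Trait 2: signature block cites an org address, sender is free mail.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body is not None else ""
    if free_sender and org_tag in text:
        hits.append("body-cites-org-address")
    # Trait 3: known subject. Weak alone; weigh it with the sender traits.
    subject = str(msg["Subject"] or "").lower()
    if any(s in subject for s in KNOWN_SUBJECTS):
        hits.append("known-subject")
    # Trait 4: Word document attachment.
    if any((part.get_filename() or "").lower().endswith(WORD_EXTS)
           for part in msg.iter_attachments()):
        hits.append("word-attachment")
    return hits

def build_message(display, user, domain, subject, body, attachment=None):
    """Build a constructed sample message (test data, not a real email)."""
    msg = EmailMessage()
    msg["From"] = Address(display, user, domain)
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="msword", filename=attachment)
    return msg

if __name__ == "__main__":
    sample = build_message("John.Doe@wwu.edu", "John.Doe", "gmail.com", "Invoice",
                           "See attached.\n\nJohn Doe\nJohn.Doe@wwu.edu\n",
                           "Invoice.doc")
    print(campaign_indicators(sample))
```

To check real mail, parse it with `email.message_from_bytes(raw, policy=email.policy.default)` so the message exposes the same `EmailMessage` interface.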