Bad actors are spoofing SecureAccess Washington (SAW)
Washingtonians who use the SecureAccess Washington (SAW) portal to access state services should be on the lookout for spoofed internet ads that pretend to be government links to SAW.
WaTech's state Office of Cybersecurity (OCS) has observed fake sponsored ads on search engines with links such as SecureAccess – Washington and as SecureAccess Washington – login.
If users click on the ad, it takes them to a page what looks like a legitimate government website asking for their username and password. If those credentials are provided, bad actors can then potentially use that information to access user accounts at state agencies.
One indication that the links are malicious websites is they do not have a .gov address but instead have URLs such as “wasecuracces.com” or “washingtonst.net.”
To avoid falling victim, be skeptical of all links on the internet even if they look official. When going to a government agency website, make sure it has a .gov address. The only correct SAW address is https://secureaccess.wa.gov.
Actions you can take to secure your SAW account –
- Change your email account password. Be sure each password you use is different and strong.
- Ensure all devices, email addresses and phone numbers in your SAW account are yours. Remove any unknown devices, email addresses or phone numbers.
- Reset your SAW password if you have not done so already
- Do not use a search engine to get to the SAW login page