{"id":1273,"date":"2025-06-27T15:20:17","date_gmt":"2025-06-27T15:20:17","guid":{"rendered":"https:\/\/www.wisconsin.edu\/workday\/?p=1273"},"modified":"2025-07-08T21:02:31","modified_gmt":"2025-07-08T21:02:31","slug":"avoid-workday-phishing-scams-during-workday-go-live","status":"publish","type":"post","link":"https:\/\/www.wisconsin.edu\/workday\/2025\/06\/27\/avoid-workday-phishing-scams-during-workday-go-live\/","title":{"rendered":"Avoid phishing scams during Workday go-live\u00a0"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p>Workday goes live at the Universities of Wisconsin on July 7, 2025. As we begin to use Workday, we must keep in mind that cybercriminals often target organizations that are changing systems. Other universities have seen an increase in phishing emails and scam calls with similar large-scale implementations. You can help keep the UWs\u2019 information secure by watching for and reporting phishing attempts.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Recognize Phishing Red Flags<em>&nbsp;<\/em><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Someone pretending to be a colleague: <\/strong>Scammers might send emails or call pretending to be someone you know. They might ask you to change settings for something like where a paycheck goes.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fake vendor messages:<\/strong> You may get a message from someone claiming to be from a company we work with asking to update banking information.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Password phishing:<\/strong> You may get an email asking that you share your login information.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Bogus Workday notifications:<\/strong> You may see fake emails that look like they&#8217;re from Workday, with links you shouldn&#8217;t click. The presence of an official logo does not guarantee the authenticity of an email.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rush tactics:<\/strong> Beware of messages claiming you need to act right away about your paycheck or account, trying to make you hurry and not think things through.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Examples of Workday Phishing Emails<\/strong>&nbsp;<\/strong>&nbsp;<\/h2>\n\n\n\n<p><strong>Erroneous Login Page<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"453\" height=\"528\" src=\"https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Erroneous-login-page.png\" alt=\"Erroneous login page showing Workday logo and email and password fields.\" class=\"wp-image-1283\" style=\"width:400px\" srcset=\"https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Erroneous-login-page.png 453w, https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Erroneous-login-page-257x300.png 257w\" sizes=\"auto, (max-width: 453px) 100vw, 453px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Phony Service Offerings in Workday<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"888\" src=\"https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Phony-service-offerings-in-Workday-1024x888.png\" alt=\"Fake service offering prompting a user to confirm their email address.\" class=\"wp-image-1286\" style=\"width:400px\" srcset=\"https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Phony-service-offerings-in-Workday-1024x888.png 1024w, https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Phony-service-offerings-in-Workday-300x260.png 300w, https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Phony-service-offerings-in-Workday-768x666.png 768w, https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Phony-service-offerings-in-Workday.png 1107w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Fake Offers of Assistance<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"329\" height=\"205\" src=\"https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Fake-offers-of-assistance.png\" alt=\"Screenshot of phishing email prompting a user to log in to Workday, with a message to act urgently.\" class=\"wp-image-1284\" style=\"width:400px\" srcset=\"https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Fake-offers-of-assistance.png 329w, https:\/\/www.wisconsin.edu\/workday\/wp-content\/uploads\/sites\/336\/2025\/06\/Fake-offers-of-assistance-300x187.png 300w\" sizes=\"auto, (max-width: 329px) 100vw, 329px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How to Spot Real Workday Messages&nbsp;<\/h2>\n\n\n\n<p>Legitimate Workday communications will come from known sources and usually through multiple channels:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Announcements within the Workday system itself&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Official university newsletters or emails&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to Stay Secure During the Transition&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Check who&#8217;s sending: <\/strong>Look for subtle variations from legitimate UW email domains and addresses.&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Emails sent directly from the Workday system will be from <a href=\"mailto:wisconsin@myworkday.com\" target=\"_blank\" rel=\"noreferrer noopener\">wisconsin@myworkday.com<\/a>&nbsp;&nbsp;<\/li>\n\n\n\n<li>All other UW emails related to Workday or from our support teams will end in wisconsin.edu (UW Administration) or wisc.edu (UW\u2013Madison). These addresses will also include a preceding reference to the support function such as:\u00a0@uwss.wisconsin.edu; @support.wisconsin.edu; @vc.wisc.edu. To the left of the @, you will see serviceoperations, servicedesk, enterprisedesk, or RAMP.\u00a0<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Be careful with links: <\/strong>Take a good look at Workday-related emails before clicking links or attachments. Before you click, ask yourself, \u201cDoes this seem legitimate?\u201d and always be intentional before taking any action.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use official sources and the right login page: <\/strong>Always log in through the official UW Workday portal instead of following email links. Access Workday by going directly to the Workday icon on your My Apps (Okta) homepage or my.wisc.edu portal for UW\u2013Madison.\u202f&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Protect your credentials:<\/strong> Remember that your login credentials are yours alone \u2014 never share it, even with coworkers or IT staff. Legitimate support staff will never ask for your password. Never enter your credentials into links from unsolicited emails or messages.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use multifactor authentication: <\/strong>Workday will ask for MFA when you log in. If it doesn&#8217;t ask after you enter your password, stop and contact your campus IT help desk.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Watch for random MFA prompts: <\/strong>If you get MFA prompts you didn&#8217;t initiate, don&#8217;t accept them, and call your campus IT help desk.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Report \u201cphishy\u201d email: <\/strong>If you get a questionable Workday-related email, report it to your organization&#8217;s IT or security team immediately. <strong>Do not reply or click on links.<\/strong>\u202f&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Workday Protects Our Data<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data encryption:<\/strong> Workday encrypts all customer data and secures information being sent back and forth.\u00a0\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Login security: <\/strong>Workday will use multifactor authentication, and people will only be able to see the information they need for their job.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Secure facilities: <\/strong>Workday&#8217;s systems are in secure data centers with multiple security layers, including biometric verification and 24\/7 monitoring.<strong>\u00a0<\/strong>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ongoing security checks: <\/strong>Workday regularly tests for vulnerabilities and has outside experts conduct security assessments.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Multifactor authentication:<\/strong> Our Workday implementation features multifactor authentication via Okta and Duo (UW\u2013Madison) to create a barrier to entry for credential phishers who may try to log into your account.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More information about Workday security features is available on the <a href=\"https:\/\/www.workday.com\/en-us\/why-workday\/security-trust.html\">company\u2019s website<\/a>.<\/li>\n<\/ul>\n\n\n\n<p>By using Workday&#8217;s security features and following good phishing awareness practices, we can protect the UW&#8217;s data during this transition. If something seems off, check with a trusted source. Remember that security is a shared responsibility, and vigilance is key in combating cyber threats.\u202f&nbsp;&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discover how you can identify phishing attempts when Workday goes live across the Universities of Wisconsin on July 7.<\/p>\n","protected":false},"author":6449,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,9],"tags":[],"class_list":["post-1273","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-news-and-announcements"],"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/posts\/1273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/users\/6449"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/comments?post=1273"}],"version-history":[{"count":11,"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/posts\/1273\/revisions"}],"predecessor-version":[{"id":1298,"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/posts\/1273\/revisions\/1298"}],"wp:attachment":[{"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/media?parent=1273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/categories?post=1273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wisconsin.edu\/workday\/wp-json\/wp\/v2\/tags?post=1273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}