VUMC Cybersecurity Team’s Urgent Alert: Beware Of Third-Party Scams Targeting Workday Users
In recent news, the VUMC Cybersecurity Team has issued an urgent alert cautioning users of the human capital management software Workday about a growing number of sophisticated third-party scams that attempt to trick unsuspecting employees into divulging sensitive personal and financial information.
The malicious actors behind these scams employ a variety of tactics, from phishing emails with malicious links or attachments to fraudulent phone calls and social media messages. They often impersonate legitimate representatives from Workday or other affiliated organizations to gain trust and credibility.
Here’s what you need to know about this cybersecurity threat:
Identifying Phishing Attacks
Beware of Suspicious Emails
Phishing emails typically contain a sender’s address that looks legitimate but contains subtle differences, such as an extra character or a misspelled domain name. Hover over the sender’s address to verify its authenticity.
Examine Links and Attachments
Before clicking on any links or opening attachments in emails, inspect them carefully. Hover over links to check their actual destinations, and never download attachments from unknown senders.
Trust Your Instincts
If an email elicits a sense of urgency or pressure, it’s likely a phishing attempt. Legitimate organizations rarely use such tactics.
Protecting Yourself from Scams
Use Strong Passwords
Create complex passwords for all your online accounts, including Workday. Avoid using easily guessable information like your name or birthday.
Enable Multi-Factor Authentication
Set up multi-factor authentication (MFA) for your Workday account and any other sensitive accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone.
Be Cautious of Phone Calls
Never provide personal or financial information over the phone to unsolicited callers, even if they claim to be from Workday. Hang up and report the call as suspicious.
Reporting Suspicious Activity
If you receive a suspicious email or phone call, report it to the VUMC Cybersecurity Team immediately. You can also report it to Workday directly through their support channels.
By following these guidelines, you can protect yourself from these third-party scams and safeguard your personal information. The VUMC Cybersecurity Team remains committed to keeping users informed about emerging threats and providing resources to help them stay secure online.
| Threat | Tactics | Prevention |
|---|---|---|
| Phishing Emails | Suspicious sender addresses, malicious links and attachments, urgent tone | Verify sender’s address, inspect links and attachments, trust instincts |
| Fraudulent Phone Calls | Impersonation of Workday representatives, requests for personal information | Hang up and report the call, never provide sensitive information over the phone |
| Social Media Scams | Fake accounts, phishing messages, offers of unauthorized access to Workday | Be cautious of unknown connections, report suspicious activity |
