Phishing scams are all-too-common, unfortunately. Here are a few important reminders to help keep you from becoming a victim of a well-crafted scam:
1. The most secure way to navigate to Workday is by using the “Login to Workday” link found at the top of this page.
Use this link when you need to access Workday, or if you are ever worried that you’ve received a phishing email disguised as an email from Workday. Any communication that arrives from Workday in your email inbox (e.g., Outlook) will also always be found in your Workday “My Tasks” inbox or your Workday Notifications (use the Bell icon).
2. You will always be asked to log into Workday with your UW NetID and password – if you’re not asked to log in using your UW credentials, do NOT trust that link.
If you followed a Workday link in an email you received, but the login screen for your UW NetID and password doesn’t appear, we recommend closing out of your web browser immediately. You can then log into Workday from the “Login to Workday” link to confirm the message as outlined above.
3. You will always be asked to log into Workday using two-factor authentication (Duo/2FA) – if you do not have to use your 2FA device to complete your sign in, do NOT trust that link.
Using 2FA is how you know your private information is secure. When accessing Workday, 2FA adds an extra layer of security by asking you to assert your identify a second time, using a method or channel (for example, a cell phone) to which the phisher/scammer does not have access. If you do not need to “approve” a “login request” using your designated 2FA device, we recommend closing out of your web browser immediately. You can then log into Workday from the “Login to Workday” link to confirm the message as outlined above.
Learn More
For UW recommendations about how to avoid phishing scams, visit the Office of Information Security’s Phishing Examples page.