Fake websites targeting SecureAccess Washington (SAW) users

Washington state agencies have been notified of a “sponsored ad” SAW spoofing campaign, involving paid search results that push people to fake web pages. The goal of these malicious campaigns is to obtain customer login information.

What do the ads look like?

These fake sponsored ads on search engines have links such as “SecureAccess – Washington” and “SecureAccess Washington – login”. If users click on the ad, it takes them to a page that looks like a legitimate government website asking for their username and password. If those credentials are provided, bad actors can then potentially use this to access accounts at state agencies.

One indication that the links are to malicious websites is they do not have a .gov address but instead have URLs such as “wasecuracces.com” or “washingtonst.net”. The only correct SAW address is https://secureaccess.wa.gov.

Fake SAW ads

How can I protect my account?

If you are concerned that you clicked on one of these ads and entered your login information, you should change your SAW password (safe link) and any other passwords that use the same or similar credentials. We highly recommend using unique passwords for different accounts. It is good practice to review all of your account information to make sure it is accurate and up to date.

If you cannot access your DOR account, please contact DOR directly at: (360) 705-6705.