Telephone and voicemail systems may be unavailable during scheduled maintenance Jan 29, noon to 6pm. Thank you for your patience.

PSA: Secure Access Washington in phishing emails

May 29, 2020


Over the last several weeks many people, including Evergreen staff, have had unemployment claims falsely submitted in their names to the the Employment Security Department (ESD). This is a well known crime at this point and is being actively investigated by many state and federal agencies. The new twist is what is described in the email below. We have heard from several staff who have created a new Secure Access Washington (SAW) account with Washington Technology (WaTech), the state's computing agency, in an attempt to gain more information or take control of their ESD identity profile. Unless you are actually filing an unemployment claim or using other state resources, you do not need a SAW account as an Evergreen staff member. Furthermore, WaTech will not send you an email of this nature unless you have requested access and are actively in the process of completing that request. Any email like this, without you initiating the action, should be viewed as highly suspicious and forwarded to

Thank you for checking before clicking on links or providing your credentials.  The Technology Support Center is available to help you at


Tony Alfonso, MS-CIS
Associate Vice President for Computing and Communications

From: Weaver, James (WaTech) 
Sent: Tuesday, May 26, 2020 10:44 AM

Subject: Threat actors spoof SecureAccess Washington in phishing emails

I wanted to update you on the latest information we have received concerning potential information security threats related to the coronavirus outbreak. Threat actors are sending fake Secure Access Washington (SAW) emails in an attempt to trick people into providing their account credentials.

In the phishing email example attached, users are told they have 24 hours to correct inaccurate information or their SAW account will be restricted. SAW administrators will never send users an email asking for validation of account details.

State Chief Information Security Officer Vinod Brahmapuram and WaTech’s Office of Cybersecurity team are monitoring the situation and will continue to communicate with your CISO and security contacts with any new developments. I encourage you to share this information with your employees.

This is a good opportunity to remind staff that cyberattacks often begin with phishing campaigns that try to trick employees into downloading malware or provide account credentials. Now, as always, it is important to be on the lookout for emails in both your personal and work email accounts that appear to be suspicious.

If you see any unusual activity in your state systems please immediately call WaTech’s state Office of Cybersecurity. As early information is vital during an attack, Washington state agencies should call OCS at 360-407-8800 (option #2) to report cybersecurity incidents or any suspected activity. Phishing emails should be sent to the OCS Security Operations Center at

Thank you for your continued efforts to keep Washington’s data safe and protect our networks from cyberattacks.

James Weaver 
Director and State CIO
Mailstop 41501
1500 Jefferson Street SE | Olympia, WA 98501-1504 
Office: 360-407-9150 |