Security Frequently Asked Questions

How do I report suspicious activity?
In your email:  to report a suspicious email, phone call or text that uses Washington Federal’s name, forward it to us immediately at: information.security@wafd.com.

On your statement:  to report fraudulent activity on your Washington Federal account, call your local branch or the Client Care Center at 800-324-9375.

Is the email that I send to Washington Federal secure?
The message you send to us using the Messaging form in the upper-right corner of  online banking is encrypted and secure.  If you send email to us through other sources, including from our website, it may not be secure.  We ask that you not send us confidential information, such as Social Security or account numbers, through unsecured email.  Please send communication with confidential information through postal mail, by calling the Client Care Center or by visiting your local branch.

What is email fraud?
Email fraud is a form of criminal activity that employs email to acquire sensitive personal information.  There are many types of email fraud. Phishing and spoofing email looks like official email (such as email from Washington Federal).  The purpose of the email can be to try to trick you into supplying personal account information in a return email, in a separate form attached to the email or by visiting a phony website using a link contained in the email message. The people attempting to get this information may use it to access your accounts directly in order to withdraw money or to open new accounts in your name using your information.

How can I identify email fraud (phishing and spoofing email)?
Recognizing email fraud is not always easy. The criminals who use email and online fraud to try and get your personal, financial or account information are adopting increasingly sophisticated techniques. Use caution when receiving unsolicited email containing urgent appeals for security or personal information and confirm the validity of email messages that appear to come from trusted sources. We will never ask you provide your Social Security number, ATM or debit card PIN or any other sensitive information in response to an email. If you receive an email from Washington Federal and you're not sure if it's real, don't click on any links in the email.

Ways to identify phishing and spoofing (fraudulent) emails include:

  • Links that appear to be Washington Federal links but aren’t. If you place your cursor over a link in a suspicious email, your email program most likely shows you the destination URL. Do not click the link, but look closely at the URL: A URL that is formatted washingtonfederal.anotherwebsitename.com is taking you to a location on anotherwebsitename.com. Just because “WashingtonFederal” is part of the URL does not guarantee that the site is an official Washington Federal site.
  • Requests for personal information. Washington Federal emails will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN.
  • Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email.
  • A warning that someone has accessed your account without your permission or a notice that someone has used your account to conduct fraud.
  • Messages about system and security updates. We will never claim the need to confirm important information via email due to system upgrades.
  • Offers that sound too good to be true. We will never ask you to fill out a customer service survey in exchange for money, then ask you to provide your account number so you can receive the money.
  • Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.

If you receive a suspicious email that uses Washington Federal’s name, forward it to us immediately at information.security@wafd.com.

How do the criminals doing the phishing know I have an account with Washington Federal?
They may not know anything about you specifically, but they do know that Washington Federal has thousands of customers.  They send out emails to a large number of people and hope that some of them are actually Washington Federal customers. 

How do criminals obtain my email address?
Criminals obtain email addresses through various means, including purchasing email lists from reputable companies.  Often, they have no idea where you bank or who issues your credit card.  They just know that if they phish enough people, they will eventually get lucky.

How to I recognize fraudulent SMS text messages?
With the increase in SMS text messages for commercial communication, criminals are now using text message fraud. This is typically known as SMiShing—phishing that happens through SMS text messages. A criminal sends a text message intended to trick you into replying with financial or personal information or clicking on a link that will sneak a virus onto your mobile device. Follow these tips to be on guard against SMiShing:

  • Don’t respond to a text message that requests personal or financial information. Washington Federal often sends messages from SMS short numbers for alerts, but we will never ask you for personal or financial information in a text message.
  • Verify any phone number that appears in a text message. If you’re in doubt, call the Client Care Center at 800-324-9375.

If you receive what appears to be a fraudulent text message, we urge you to report it immediately:

  • Forward any Washington Federal-related messages to information.security@wafd.com. (Mobile carrier text and data charges may apply.) Include the number the message came from and a copy of the message itself.
  • Many carriers allow you to report spam by forwarding unsolicited text messages to 7726 (which spells SPAM). (Mobile carrier text and data charges may apply.) As with many other spam-reporting systems, this will help eliminate spam messages for everyone.

How do I recognize fraudulent phone calls?
One type of phone fraud is known “vishing”—phishing that happens through a phone call. A criminal calls and poses as a legitimate bank or trusted financial service and tries to trick you into providing your financial or personal information. Often the caller notifies you of a non-existent alert or some sort of urgent matter as a way to trick you.  Unfortunately, caller ID is not always a reliable way to confirm the identity of the caller.  Caller ID can be manipulated to make a call from one number appear to be from another number. Do not share any personal or financial information with anyone unless you are absolutely certain whom you’re speaking with.

If you have any doubt about the legitimacy of the call, hang up immediately and call our Client Care Center at 800-324-9375.

If you receive what appears to be a fraudulent phone call, we urge you to report it immediately by sending the phone number and any pertinent information to information.security@wafd.com. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate Washington Federal and whether any personal or financial information was provided to the suspicious caller.