University of Wisconsin–Madison

Beware the phish

Hi, I need you to run an errand for me. Please email me back, asap. – Jennifer Mnookin Receiving an email with that kind of text feels urgent, confusing and scary. You instinctively want to reach out and help, especially if it was sent to you by someone whose name you recognize or from an email address ending in @wisc.edu. Scammers are getting better at their craft and it’s more important than ever to learn how to recognize a phishing attempt and avoid being compromised.

Phishing warning signs

Phishing is a form of fraud where a scammer attempts to have you reveal personal, financial or confidential information by posing as a reputable entity via electronic communication. A phishing attempt will try to entice you to open an attachment or click on a link to a site that appears legitimate. Even if the request looks genuine, be skeptical.

Here are some warning signs of a phishing attempt:

  • The message is unsolicited and asks you to update, confirm or reveal personal information (e.g., full Social Security numbers, account numbers, NetID, passwords, protected health information).
  • The message creates a sense of urgency.
  • The message has an unusual From address or an unusual Reply-To address; it may also come from a compromised “@wisc.edu” address.
  • The (malicious) website URL doesn’t match the name of the institution it allegedly represents. For example, https://wisc.edu/… could be slightly changed to read: https://wIsc.ed/…).
  • The link in the pop-up doesn’t match the printed text.
  • The message may not be personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
  • There may be grammatical errors.

How to report phishing

Outlook users:

To report phishing emails received via Outlook, please click the “Report Suspicious” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to our security team for review.

Non-Outlook users:

If you are using any non-Microsoft email client (e.g., Thunderbird, Apple Mail, Android/iOS native mail, etc.) or an older version of Outlook (2007/2010/2013), you will not see the “Report Suspicious” action button within the toolbar/ribbon. However, it is still possible to report the message as spam/phishing so that UW–‍Madison’s spam/phishing filtering system can adjust to catch similar messages in the future. To report a message as spam, forward the message to report-spam@doit.wisc.edu. For additional information, please refer to: Microsoft 365 – Report Suspicious message (Source: kb.wisc.edu). If you are ever unsure whether an email message is legitimate, or what you should do with it, do not respond to it! Instead, contact the DoIT Help Desk (Source: kb.wisc.edu) for advice. For more information regarding how to recognize and report phishing attempts, visit the Cybersecurity Awareness Month website (Source: cam.it.wisc.edu).