Phishing Detection and Remediation

What is phishing and what are some of the warning signs you should look for? Learn what action steps you should take when you receive a phishing email and the easiest way to report a phishing attempt on campus.

What is phishing?

Phishing is a form of fraud where a scammer attempts to have you reveal personal, financial, or confidential information by posing as a reputable entity in an electronic communication. Many scammers try to bait you by urging you to respond immediately by clicking a web link that appears official (with all the familiar logos or corporate phrases). Although most phishes come as email, phishing scams can also come in the form of text messages (SMShing) and phone calls (Vishing). Even if the request looks genuine or appears to be from someone you know, be skeptical and look for these warning signs.

Warning signs to help identify phishing attempts

  1. The message is unexpected and asks you to update, confirm, or reveal personal identity information (e.g., full Social Security Number, account numbers, NetID, passwords, protected health information).

  2. The message creates a sense of urgency.

  3. The message may include an unusual “From” address or an unusual “Reply-To” address. But be cautious, even if you recognize an email address, it could be a compromised account.

  4. The message includes links that don’t match the name of the organization that it allegedly represents. For example: "https://wisc.edu" could be slightly changed to read: "https://wIsc.edu".

  5. The message includes grammatical errors (although scammers are getting better at this).

  6. The message is unexpected and offers an unbelievable job opportunity with great salary and perks. Yes, it's too good to be true. This is a job scam.

  7. The message impersonates a university leader or colleague. The email asks an employee to contact them for an urgent or important task. That “urgent task” is likely a request to perform an action that results in monetary loss to the employee or the university or to reveal confidential information. Always follow university policies when you receive an usual purchase request. This type of phishing is called a Business Email Compromise (BEC).

What should I do, or be aware of, if I receive a questionable email?

  1. If you receive an email that you weren’t expecting or one that feels unusual, contact the person, and ask if the email is real. Just don’t use any contact information that’s within the email itself. Remember: No university, bank, or company will ever ask you to verify personal information via email.

  2. Do not open attachments or click on any links until you know for a fact that this is a legitimate email.

  3. Do not forward the questionable email to others asking them if they think it is a phishing email.

  4. If there are URLs or hyperlinks, hover the cursor over them, but DO NOT click on them. Your email client will display the actual URL destination. If the URL doesn’t match the site it claims to be sending you to, do not click on it. For detailed information on this topic, please see Learn How to Recognize and Report Phishing (Source: it.wisc.edu).

  5. Phishing emails can embed malicious code behind an image that will automatically download. Thus, configure your email client to NOT display any images without asking first.

  6. Relatively advanced emails can even tailor the email's content directly for the recipient.

I clicked on a phishing email. Now what should I do?

  1. Don’t provide any personal information: If the link has taken you to a page asking you to fill in your details, do not fill it out. This gives the hacker precisely what they are after. 

  2. Disconnect from the internet: Clicking on the link may have triggered malware to be downloaded, so disconnect from whatever WiFi you're using.This can stop malware from moving across the network onto other devices.

  3. Get help from the experts: Contact the HelpDesk (Source: kb.wisc.edu). Explain what happened (don’t worry, we’re all human and we’ve all been there) and ask what you need to do to protect your data.

  4. Enable your built-in antivirus software: to learn how go to Antivirus software for personally owned devices (Source: it.wisc.edu)

    • For personal devices: If you don’t have any malware scanning software on your device, go to Security - Available Software for Personally Owned Devices  (Source: kb.wisc.edu/63977). You should use another device to download the software online and then, with a USB, transfer it across to the affected device. Don’t reconnect the original device to the internet until you have scanned your system to avoid any malware spreading.
    • For UW-owned devices: Contact your local IT or the Help Desk (Source: kb.wisc.edu) for assistance. 
  5. Change Passwords: Hackers can access your credentials via phishing links, so if you think you clicked on one, changing your online passwords, particularly to things like bank accounts, is essential to avoid further damage. 

  6. Enable two-factor or Multi-factor Authentication (if possible) for an extra layer of protection.

    • Enable two-factor or multi-factor authentication (if possible) for an extra layer of protection. Be sure to enable Duo if you haven't already, and consider setting up two-factor authentication on your other accounts whenever possible.
  7. Don’t reuse the same passwords across accounts, as this makes it even easier for a hacker to wreak havoc. 

  8. Create strong, unique passwords or a passphrase and use a password manager to keep track of them. Go to Password manager - LastPast Enterprise (Source: it.wisc.edu) for more information.

  9. Check if your other email accounts have been compromised by going to have i been pwned? (Source: haveibeenpwned.com)

What scams have hit campus recently?

To see what types of scams have hit campus, go to the Scam Alerts page (Source: it.wisc.edu)

How do I report spam/phishing

Outlook users:

To report spam/phishing emails received via Outlook, please click the “Report Suspicious” button (images shown below) in the top ribbon/toolbar, or click the ellipses (…) to expand a drop-down menus to see the new add-in. This action will send the questionable email to the security team for review.

report suspicious action button     or    MacOS report suspicious button

Non-Outlook users:

If you use a non-Microsoft supported email client (e.g., Thunderbird, Apple Mail, Android/iOS native mail, etc.) or an older version of Outlook (2007/2010/2013) you should simply forward the suspicious message to report-spam@doit.wisc.edu.

For additional information, please refer to: Microsoft 365 - Report Suspicious message (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, or what you should do with it, do not respond to it! Instead, contact the DoIT Help Desk (Source: kb.wisc.edu) for advice.



Keywords:
phish university bank company scams suspicious suspended disabled digitally signed junk folder filter 
Doc ID:
52781
Owned by:
Kim M. in Cybersecurity
Created:
2015-06-18
Updated:
2024-09-22
Sites:
Cybersecurity Operations Center, DoIT Help Desk, Microsoft 365, Office of Cybersecurity