Phishing Detection and Remediation

What is phishing?

Phishing is a form of fraud where a scammer attempts to have you reveal personal, financial, or confidential information by posing as a reputable entity in an electronic communication. Many scammers try to bait you by urging you to respond immediately by clicking a web link that appears official (with all the familiar logos or corporate phrases). Although most phishes come as email, phishing scams can also come in the form of text messages (SMShing) and phone calls (Vishing). Even if the request looks genuine or appears to be from someone you know, be skeptical and look for these warning signs.

Warning signs to help identify phishing attempts

  1. The message is unexpected and asks you to update, confirm, or reveal personal identity information (e.g., full Social Security Number, account numbers, NetID, passwords, protected health information).

  2. The message creates a sense of urgency.

  3. The message may include an unusual “From” address or an unusual “Reply-To” address. But be cautious: even if you recognize an email address, the message could come from a compromised account.

  4. The message includes links that don’t match the name of the organization that it allegedly represents. For example: "https://wisc.edu" could be slightly changed to read: "https://wIsc.edu".

  5. The message includes grammatical errors (although scammers are getting better at this).

What should I do, or be aware of, if I receive a questionable email?

  1. If you receive an email that you weren’t expecting or one that feels unusual, contact the person, and ask if the email is real. Just don’t use any contact information that’s within the email itself. Remember: No university, bank, or company will ever ask you to verify personal information via email.

  2. Do not open attachments or click on any links until you know for a fact that this is a legitimate email.

  3. Do not forward the questionable email to others asking them if they think it is a phishing email.

  4. If there are URLs or hyperlinks, hover the cursor over them, but DO NOT click on them. Your email client will display the actual URL destination. If the URL doesn’t match the site it claims to be sending you to, do not click on it. For detailed information on this topic, please see Learn How to Recognize and Report Phishing (Source: it.wisc.edu).

  5. Phishing emails can embed malicious code behind an image that will automatically download. Thus, configure your email client to NOT display any images without asking first.

  6. Relatively advanced phishing emails can even tailor their content directly to the recipient.

What scams are hitting campus now?

Find out which scams are active at the Scam Alerts page (Source: it.wisc.edu).

How do I report spam/phishing?

Outlook users:

To report spam/phishing emails received via Outlook, please click the “Report Suspicious” button (images shown below) in the top ribbon/toolbar, or click the ellipsis (…) to expand a drop-down menu and see the new add-in. This action will send the questionable email to the security team for review.

[Images: Report Suspicious action button; macOS Report Suspicious button]

Non-Outlook users:

If you use a non-Microsoft supported email client (e.g., Thunderbird, Apple Mail, Android/iOS native mail) or an older version of Outlook (2007/2010/2013), you should simply forward the suspicious message to report-spam@doit.wisc.edu.

For additional information, please refer to: Microsoft 365 - Report Suspicious message (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, or what you should do with it, do not respond to it! Instead, contact the DoIT Help Desk (Source: kb.wisc.edu) for advice.