Phishing Detection and Remediation
What is phishing?
Phishing is a form of fraud in which a scammer tries to get you to reveal personal, financial, or confidential information by posing as a reputable entity in an electronic communication. Many scammers bait you by urging you to respond immediately, usually by clicking a web link that appears official (complete with familiar logos and corporate phrases). Although most phishing arrives as email, phishing scams also come as text messages (SMShing) and phone calls (Vishing). Even if a request looks genuine or appears to come from someone you know, be skeptical and look for the warning signs below.
Warning signs to help identify phishing attempts
- The message is unexpected and asks you to update, confirm, or reveal personal identity information (e.g., full Social Security Number, account numbers, NetID, passwords, protected health information).
- The message creates a sense of urgency.
- The message may have an unusual “From” address or an unusual “Reply-To” address. But be cautious even if you recognize an email address: the account could be compromised.
- The message includes links that don’t match the name of the organization it claims to represent. For example, "https://wisc.edu" could be slightly changed to read "https://wIsc.edu".
- The message includes grammatical errors (although scammers are getting better at this).
What should I do, or be aware of, if I receive a questionable email?
- If you receive an email that you weren’t expecting or one that feels unusual, contact the sender and ask whether the email is real, but do not use any contact information from the email itself. Remember: no university, bank, or company will ever ask you to verify personal information via email.
- Do not open attachments or click on any links until you know for a fact that the email is legitimate.
- Do not forward the questionable email to others asking them if they think it is a phishing email.
- If there are URLs or hyperlinks, hover the cursor over them, but DO NOT click on them. Your email client will display the actual URL destination. If the URL doesn’t match the site it claims to be sending you to, do not click it. For detailed information on this topic, please see Learn How to Recognize and Report Phishing (Source: it.wisc.edu).
- Phishing emails can hide malicious code behind an image that downloads automatically. Configure your email client NOT to display any images without asking first.
- More sophisticated phishing emails may tailor their content to the specific recipient.
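The two link-related warning signs above (a link whose text names one organization while its real destination is another, and a hostname that merely resembles a trusted domain) can be checked mechanically before anyone clicks. The script below is an added example for this page, not code from UW–Madison or DoIT. It parses the anchors in an HTML email body, compares each link's visible text with its real href host, and then folds case (hostnames are case-insensitive, so "wIsc.edu" and "wisc.edu" are the same name to DNS) and common look-alike characters so that spoofed hosts collide with the trusted one. The TRUSTED_DOMAINS list, the confusable-character table and the sample HTML are constructed assumptions for illustration.

```python
"""Flag email links whose visible text or host does not match a trusted domain.

Added example for this KB page, not code from UW-Madison or DoIT. It checks
two of the warning signs described above: display text that points somewhere
other than the real href, and hostnames that merely look like a trusted
domain. TRUSTED_DOMAINS and the sample HTML are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of domains the reader's organisation legitimately uses (assumption).
TRUSTED_DOMAINS = ("wisc.edu", "it.wisc.edu", "kb.wisc.edu")

# Characters commonly swapped for look-alikes in spoofed hostnames. Case is folded
# first (DNS is case-insensitive); then 1/i/| fold to l, 0 to o, 5 to s, 3 to e,
# and the pair "rn" to "m".
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def canonical(host: str) -> str:
    """Lower-case a hostname and fold confusable characters so look-alikes collide."""
    return host.lower().translate(CONFUSABLES).replace("rn", "m")


def host_of(url: str) -> str:
    """Extract the hostname from a URL or bare domain (empty string if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str) -> bool:
    """True for a trusted domain or any subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)


def looks_like_domain(text: str) -> bool:
    """True if the visible link text itself reads like a URL or domain name."""
    t = text.strip().lower()
    return "://" in t or ("." in t and " " not in t and not t.endswith("."))


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list[dict]:
    """Return one finding per link; 'reasons' is empty when nothing looks wrong."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        # Warning sign 1: the text you see is a URL, but the href goes elsewhere.
        if looks_like_domain(text) and host_of(text) != host:
            reasons.append("display text points elsewhere")
        # Warning sign 2: the real host is not ours but resembles one of our domains.
        if not is_trusted(host):
            folded = canonical(host)
            for trusted in TRUSTED_DOMAINS:
                t = canonical(trusted)
                if folded == t or folded.endswith("." + t):
                    reasons.append(f"lookalike of {trusted}")
                elif ("." + t + ".") in ("." + folded):
                    reasons.append(f"{trusted} used as a subdomain of another domain")
        findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


def suspicious_links(html: str) -> list[dict]:
    """Only the links that triggered at least one warning sign."""
    return [f for f in check_links(html) if f["reasons"]]


# Constructed sample email body (not a real message).
SAMPLE_HTML = """
<p>Your NetID will be deactivated.
<a href="https://wisc.edu.account-verify.example/login">https://wisc.edu</a></p>
<p>Or sign in at <a href="https://w1sc.edu/login">the NetID portal</a>.</p>
<p>Questions? See <a href="https://kb.wisc.edu">kb.wisc.edu</a>.</p>
"""

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_HTML):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

Running it reports the first two links and leaves the genuine kb.wisc.edu link alone. The check is a triage aid, not a verdict: a link with no findings can still be malicious, and a flagged link deserves the same treatment the list above recommends (hover, do not click, and verify through a channel you already trust).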
What scams are hitting campus now?
Find out which scams are active at the Scam Alerts page (Source: it.wisc.edu)
How do I report Phishing?
Office 365 users:
To report phishing emails received via Outlook, click the “Report Phish” button on the toolbar/ribbon at the top of the page (or under the “…” menu in the newest version of O365). This sends the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC) for review.
Non-Office 365 users:
If you do not see the “Report Phishing” button, forward the message as an attachment (Source: KB 34567) to firstname.lastname@example.org. Please do not simply forward the questionable email, as that strips the message headers we need to see and makes it difficult to take appropriate action.
For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).
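The reason the instructions insist on forwarding as an attachment is that the original message then travels intact as a message/rfc822 part, so its Received, Return-Path, Reply-To and Authentication-Results headers reach the analyst, whereas a plain forward keeps only whatever body text the mail client quoted. The script below is an added example for this page, not code from UW–Madison, DoIT or the CSOC; every message, address and domain in it is constructed (the .example domains and report-phish@example.org are placeholders). It parses both kinds of report and shows that only the attachment form still carries the headers an analyst checks first.

```python
"""Show why a phishing report must be forwarded as an attachment, not inline.

Added example for this KB page; not code from UW-Madison, DoIT or the CSOC.
All messages, addresses and domains below are constructed. A report that
carries the original as a message/rfc822 attachment preserves its Received,
Return-Path and Authentication-Results headers; an inline forward keeps only
the quoted body text, so those headers are gone.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Optional

# Constructed phishing-style original, as it arrived at the recipient's mailbox.
ORIGINAL = b"""Return-Path: <bounce@mail.account-verify.example>
Received: from mail.account-verify.example (mail.account-verify.example [203.0.113.10])
\tby mx.wisc.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.wisc.example; spf=fail smtp.mailfrom=account-verify.example; dkim=none
From: "UW-Madison IT" <helpdesk@wisc.example>
Reply-To: <recover@account-verify.example>
To: student@wisc.example
Subject: Your NetID will be deactivated
Message-ID: <1@mail.account-verify.example>

Verify your NetID within 24 hours or lose access.
"""

# Report sent with "forward as attachment": the original rides along whole.
ATTACHED_REPORT = (
    b"From: student@wisc.example\n"
    b"To: report-phish@example.org\n"  # placeholder reporting address
    b"Subject: FW: Your NetID will be deactivated\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="rep"\n'
    b"\n--rep\n"
    b"Content-Type: text/plain\n\n"
    b"This looks like phishing.\n"
    b"\n--rep\n"
    b"Content-Type: message/rfc822\n"
    b"Content-Disposition: attachment\n\n"
    + ORIGINAL
    + b"\n--rep--\n"
)

# Report sent by plain forwarding: only the body text the client chose to quote.
INLINE_REPORT = b"""From: student@wisc.example
To: report-phish@example.org
Subject: FW: Your NetID will be deactivated

---------- Forwarded message ----------
From: "UW-Madison IT" <helpdesk@wisc.example>
Subject: Your NetID will be deactivated

Verify your NetID within 24 hours or lose access.
"""


def extract_original(report: bytes) -> Optional[EmailMessage]:
    """Return the attached original message, or None if the report was forwarded inline."""
    msg = BytesParser(policy=policy.default).parsebytes(report)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def triage(original: EmailMessage) -> dict:
    """Summarise the header fields an analyst checks first."""

    def addr(name: str) -> str:
        header = original[name]
        return header.addresses[0].addr_spec if header and header.addresses else ""

    return {
        "from": addr("From"),
        "reply_to": addr("Reply-To"),
        "return_path": str(original.get("Return-Path", "")).strip().strip("<>"),
        "auth_results": str(original.get("Authentication-Results", "")),
        "received_hops": len(original.get_all("Received", [])),
        # A Reply-To that differs from From routes the victim's answers to the scammer.
        "reply_to_differs": addr("Reply-To") not in ("", addr("From")),
    }


if __name__ == "__main__":
    for label, report in (("attachment", ATTACHED_REPORT), ("inline", INLINE_REPORT)):
        original = extract_original(report)
        print(label, "->", triage(original) if original else "original headers lost")
```

For the attachment report the triage shows a From address on the institution's domain, a Reply-To and Return-Path on an unrelated domain, and an SPF failure recorded by the receiving mail server. For the inline report there is no original to inspect at all, which is exactly the situation the instructions above are trying to avoid.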
If you are ever unsure whether an email message is legitimate, or what you should do with it, do NOT respond to it! Instead, contact the DoIT Help Desk (Source: kb.wisc.edu) for advice.