
4/7 phishing alert! Subject: “Alert: Possible Exposure to Monkeypox Virus at the University”

The UW–Madison Office of Cybersecurity is aware of an active phishing campaign on campus in which the attacker impersonates the “Director of Health and Wellness Services.”

The email asks recipients to click a link leading to a profile page for contact tracing, where they’re prompted to enter their NetID and password. After entering their credentials, users were encouraged to accept a Duo prompt.

The page at that link has been taken down, but scammers are persistent and may try again with another such site and a new round of emails. People who clicked on this link had their NetID logins used by scammers to change their direct deposit information, so don’t be fooled!

See the included email text below.

From: REDACTED
Sent: Thursday, April 6, 2023 5:53 PM
Subject: Alert: Possible Exposure to Monkeypox Virus at the University


I hope this email finds you well. I am writing to inform you that a staff member at the University has recently tested positive for the monkeypox virus. Our top priority is the safety and well-being of our community, and we are taking all necessary precautions to prevent the spread of the virus.

To ensure that appropriate measures are taken, we kindly request that you on the link below to view the staff member’s information. If you have been in close contact with them recently, please inform us immediately. Your prompt response is crucial in helping us contain the spread of the virus and keep our community safe.

View Staff Profile

Thank you for your prompt attention and cooperation during this time of heightened awareness regarding infectious diseases such as the monkeypox virus.

Sincerely,
NAME REDACTED
Director of Health and Wellness Services
University of Wisconsin
EMAIL ADDRESS & PHONE NUMBER REDACTED

We became aware of this campaign on April 6, 2023, but such attacks can occur at any time. Please be on the lookout for such scams. You can recognize them in the following ways:

  • Hover over links without clicking them. Most email clients, including Outlook and O365 online, will show the destination URL. In this case, the URL is clearly not associated with the University.
  • Inspect URLs closely. Some scammers will try to trick you by including relevant-sounding keywords, like the name of the company they’re impersonating. Look at the whole URL to make sure it includes a legitimate domain name in the correct placement, e.g., “wisc.edu.”
  • If in doubt, don’t click the link but browse directly to the legitimate, relevant website and look for confirmation of the email message.
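
The “correct placement” check from the list above, as an added example (not part of the original alert or of any UW–Madison tooling): a link counts as belonging to the University only when its hostname is wisc.edu or ends in “.wisc.edu”. The function name and sample links are constructed for illustration, and accepting only http/https links is an assumption.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "wisc.edu"  # the legitimate domain the article names


def is_trusted_link(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only when the host is the trusted domain or a subdomain of it."""
    if "\\" in url:
        # Browsers read "\" as "/", urllib does not; refuse rather than guess.
        return False
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme not in ("http", "https"):  # assumption: web links only
        return False
    # .hostname drops any "user@" prefix and the port, and lowercases the name.
    host = (parts.hostname or "").rstrip(".")
    return host == trusted or host.endswith("." + trusted)


# Constructed sample links (none is taken from the campaign described above).
SAMPLES = [
    "https://it.wisc.edu/news/",                # subdomain of wisc.edu
    "https://WWW.WISC.EDU./",                   # case and trailing dot
    "https://wisc.edu.profile.example/login",   # keyword as a left-hand label
    "https://profile.example/wisc.edu/login",   # keyword in the path
    "https://wisc.edu@profile.example/login",   # keyword as userinfo
    "https://notwisc.edu/login",                # suffix match without the dot
    "https://wisc-edu.example/login",           # hyphenated lookalike
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted_link(link) else "NOT wisc.edu"
        print(f"{verdict:13} {link}")
```

Only the first two sample links pass; in each of the others the keyword “wisc.edu” appears somewhere other than the end of the hostname.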

What should I do if I accidentally clicked the link?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

Reporting a phishing campaign

Outlook users:

To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC).

Non-Outlook users:

If you do not see the “Report Phishing” button, then forward the message as an attachment (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk at (608) 264-HELP (4357) and ask for advice.

Update April 18, 2023:

The World Health Organization has renamed “monkeypox” to “mpox,” saying the disease’s original name plays into “racist and stigmatizing language.” We have kept the scam email’s original phrasing in this article to better enable people to recognize this or similar scams. We don’t condone racist or stigmatizing language.