Email fish on hook.

8/19 phishing alert! Subject: “Open position & student welfare”

The UW–Madison Office of Cybersecurity is aware of an active phishing campaign on campus. In it the attacker is advertising a part-time, work-from-home job with $500 weekly pay.

The email comes from a legitimate wisc.edu account and contains a link which leads to a Google form.

Note, many of the accounts used to send these scam messages aren’t yet enrolled in MFA-Duo, which offers a layer of protection against having your email compromised. Learn more about getting started with MFA-Duo.

An example email reads as follows. Please note this is one example; you may see a different variation, but this warning remains relevant.

From: REDACTED
Date: Saturday, August 19, 2023 at 9:53 AM
To: REDACTED
Subject: Open position & student welfare

Good Day Staff & Students. (University of Wisconsin–‍Madison)

This message is from the Campus Job Placement & Student Services. Under the work and study regulations of the University of Wisconsin Madison, we are pleased to inform you about the part-time offer. It’s a flexible part-time job. Weekly Pay is $500. All the tasks are working from home or in any location. You don’t need to travel somewhere, and you don’t need to have a car to get started. You can work from home, School, or any location. To Apply if you are interested :
TO APPLY
(Copy and paste the URL Below into the address bar of your web browser.)

rb.gy/9xlm2

FLEXIBLE HOURS. Must be organized and attentive to details.

Job Placement & Student Services
University of Wisconsin–‍Madison
Copyright ®️ 2023 All rights reserved.

The goal of such job scams is to trick the unwary into sending money to the scammer using a variety of pretenses, often involving fake checks.

Job scams tend to follow  patterns, often using the words “flexible,” “remote,” and “part-time” with weekly pay ranging usually in the few hundred dollars range. Many also include a link, which will usually redirect to a Google form that collects information your personal information – often non-UW email or cell numbers.

For more about recognizing job scams, see the following articles:

The most recent phishing emails of this type were seen on Saturday, August 19, but such attacks can occur at any time. Please be on the lookout for such scams.

Reporting a phishing campaign

Outlook users

To report phishing emails received via Outlook, please click the “Report Suspicious” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC).

Non-Outlook users

If you do not see the “Report Suspicious” button, then forward the message as an attachment  (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Microsoft 365 – Report Suspicious message (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it or click links or attachments in it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.