UW–⁠Madison Information Technology
Connecting & supporting our digital campus
Criminal with a fishing pole stealing a folder labeled "personal data"

2/23 Phishing alert: Subject line “Watchtower Notification: Potential Exposure Detected”

Posted by Office of Cybersecurity on February 23, 2026

We received reports about a  impersonation phish concerning Watchtower, a service by 1Password. The phish pretends that an item in your 1Password account has been breached and encourages you to click a fake Watchtower link for more information.

This and similar phishing emails appear to come from a legitimate UW–‍Madison or vendor email addresses, and include urgent sounding requests. Unlike many phishing emails, this one uses good grammar and punctuation, so please be on your guard.

Full message

Watchtower Alert
Watchtower has detected that login credentials associated with one of your saved items may have appeared in a recent data breach.

This does not mean your 1Password account itself has been accessed — but we recommend reviewing the affected item and updating the password as a precaution.

Alert Details:
Affected site/service: google.com
Exposed data: Email address and password
Approximate breach date: January 2025
Recommended action: Update the password for this account and enable two-factor authentication if available.

Review in Watchtower

For full details and next steps, open the 1 Password app on your device and go to the Watchtower section. This is the safest way to review and update your information. We continuously monitor known data breaches to help keep your accounts protected.
Need help? Contact our support team

How to Protect Yourself

  1. Verify the Sender: Always check the sender’s email address carefully. Look for any discrepancies or unusual domains.
  2. Be Cautious with Links: Do not click on any links in suspicious emails. Instead, hover over the link to see the actual URL.
  3. Confirm with the Source: If you receive a Watchtower message, check Watchtower yourself to confirm or deny its legitimacy.
  4. Report Suspicious Emails: If you receive a message like this, you can easily report it using the “report-suspicious” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu.

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice.

Read about other recent scams.