Email icon and fishing hook

Learn How To Recognize and Report Phishing

 10 minutes to read & watch videos | Last updated August 17, 2022

Phishing is a form of fraud where a scammer attempts to have you reveal personal financial or confidential information by posing as a reputable entity in an electronic communication. Many scammers try to bait you by urging you to open an attachment or to respond immediately by clicking a web link that appears official (with all the familiar logos or corporate phrases). Even if the request looks genuine, be skeptical and look for these warning signs:

How to Recognize Phishing Attempts

 

 

1. The message is unexpected and asks you to update, confirm or reveal personal identity information (e.g., full Social Security Number, account numbers, NetID, passwords, protected health information).

Email with following message: Dear Faculty, Staff & Students, Your UW Madison Email account information needs to be updated in the database system to avoid deactivation. Click Update Email Account to update


 

 

 

2. The message creates a sense of urgency.

Email with the following message: Hello Your Email account will be De-activated shortly. To stop De-activation. Click Here. Thank you for your understanding. UW-Madison DoIT Help Desk.


 

 

3. The message may include an unusual “From” address or an unusual “Reply-To” address, it may even be a compromised “@wisc.edu” address. If you receive an email from someone you don’t normally communicate with (even if it’s from a @wisc.edu address), pay special attention to the other ways to detect its legitimacy.

Email showing unusual "from" address


 

 

 

4. The message includes links that don’t match the name of the organization that it allegedly represents. For example: https://wisc.edu could be slightly changed to read: https://wIsc.edu.

email message with a link that does not match the name of the organization that it allegedly represents.


 

 

 

5. The message includes grammatical errors (although scammers are getting better at this).

Email message with grammatical errors


 

 

 

6. The message is unexpected and offers an unbelievable job opportunity with great salary and perks. Yes, it’s too good to be true. This is a job scam.

Phishing email of a job scam

FAQs

This is an accordion element with a series of buttons that open and close related content panels.

What is a URL?

A Uniform Resource Locator or URL is a web resource that specifies its location on a computer network. It’s normally displayed in the address bar at the top of a browser in the following format:
https://www.it.wisc.edu/learn/securing-your-computer/

Here are the parts of this URL:

  • https:// = Protocol
  • www. = Host name
  • it.wisc.edu = Name of site
  • /learn/ = Directory path
  • securing-your-computer/ = Absolute path

How do I hover over a hyperlink to see where it goes?

Take your cursor and place it over the top of the hyperlink (without clicking). The hyperlink’s destination will appear on your computer screen.

For example: hover over this hyperlink: Securing Your Computer (Source: it.wisc.edu). The source states it’s from “it.wisc.edu”. As you hover over it you should see the following URL address on your computer screen: https://it.wisc.edu/learn/securing-your-computer/

How do I enable URL link previews in Safari?

  1. Launch Safari on your Mac.
  2. Go to View > Show Status Bar.
  3. The URL-peeking Status Bar should now appear at the bottom left of the window any time you hover over a hyperlink on the web page.

How do I enable URL link previews on iPhone or iPad?

  1. Open a page in Safari on your iPhone or iPad.
  2. Tap and hold any link on the page.
  3. If you’re running iOS 13, iPadOS 13, or higher, you will see a thumbnail preview of the page pop-up. To preview the URL instead, tap the “Hide Preview” button located at the top of the pop-up window.

How do I preview a link in Windows?

  1. To preview a link, simply tap and hold.
  2. You can toggle this feature on or off via Settings > Link Preview.

How can I preview links in the Chrome Android app?

  1. Go to any link on a web page and tap and hold on it until a menu pops up.
  2. Select the “Preview page” option from the list. A preview will open up and show at the very bottom of the screen.
  3. To fully open the preview, you can either tap on it or swipe upwards from the bottom.

How do I report Phishing?

Office 365 users:
To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page (or in the “…” for the newest version of O365). This action will send the questionable email to the UW–‍Madison Cybersecurity Operations Center (CSOC) for review.

Non Office 365 users: 
If you do not see the “Report Phishing” button, then forward the message as an attachment  (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, or what you should do with it, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (Source: kb.wisc.edu) for advice.

What are the advantages of blocking automatic picture/image downloads in email messages?

  • Helps you avoid viewing potentially offensive material (when external content is linked to the message).
  • Helps to keep malicious code from damaging the data on your computer.
  • If you are on a low-bandwidth connection, blocking allows you to decide whether a particular image warrants the time and bandwidth that are required for downloading it.

Pictures in email messages that are actually linked and downloaded from the Internet can also be used as a way to confirm that you opened the message. This is known as a web beacon. For example, a junk email sender can confirm that they have reached an active email address when the picture/image in the message is downloaded.

Outlook on the web: How to block images/pictures from automatically downloading in an email?

“Outlook on the web” is when you access Office 365 from a browser (i.e., Chrome, Safari, Firefox, etc.). Fortunately, there is not a global setting to always download images/pictures for every message. Instead, you will see the message below and manage this option for every email or add the message sender to your safe sender’s list. Outlook on the web option to download email images

Once you select, “I trust content from …..” all future email images/pictures from that sender will automatically download.

Outlook for Windows: How to block images/pictures from automatically downloading in an email?

When viewing an email that contains images/pictures either within your preview window or its own window, you will have the option to either load the image/picture or add the sender to your safe sender’s list. Right click to download pictures or to add sender to safe sender’s list.

Outlook for Windows: option to download email images

Outlook for Mac: How to block images/pictures from automatically downloading in an email?

  1. On the Outlook menu, click Preferences
  2. Under Email, click Reading
  3. Next to Download external images, select Ask before downloading

Related Docs

More Guides on Cybersecurity Topics (Source: it.wisc.edu)