Learn how to recognize and report phishing

Last updated February, 2024

Phishing is a form of fraud where a scammer attempts to have you reveal personal financial or confidential information by posing as a reputable entity in an electronic communication. Many scammers try to bait you by urging you to open an attachment or to respond immediately by clicking a web link that appears official (with all the familiar logos or corporate phrases). Even if the request looks genuine, be skeptical and look for these warning signs:

How to recognize phishing attempts

1. The message is unexpected and asks you to update, confirm or reveal personal identity information (e.g., full Social Security Number, account numbers, NetID, passwords, protected health information).

Your UW Madison Email account information needs to be updated to avoid deactivation. Click Update Email Account


2. The message creates a sense of urgency.

Hello Your Email account will be De-activated shortly. To stop De-activation.


3. The message may include an unusual “From” address or an unusual “Reply-To” address, it may even be a compromised “@wisc.edu” address. If you receive an email from someone you don’t normally communicate with (even if it’s from a @wisc.edu address), pay special attention to the other ways to detect its legitimacy.

Email showing unusual "from" address


4. The message includes links that don’t match the name of the organization that it allegedly represents. For example, the URL “https://wisc.edu” could be slightly changed to read “https://wIsc.edu.”

email with a link that does not match the name of the organization that it allegedly represents.


5. The message includes grammatical errors (although scammers are getting better at this).

Email message with grammatical errors


6. The message is unexpected and offers an unbelievable job opportunity with great salary and perks. Yes, it’s too good to be true. This is a job scam.

Phishing email of a job scam

7. The message impersonates a university leader or colleague. The email asks an employee to contact them for an urgent or important task. That “urgent task” is likely a request to perform an action that results in monetary loss to the employee or the university or to reveal confidential information. Always follow university policies when you receive an usual purchase request. This type of phishing is called a Business Email Compromise (BEC).

A phishing email where the sender uses a fake email address.


This is an accordion element with a series of buttons that open and close related content panels.

What is a URL?

A Uniform Resource Locator or URL is a web resource that specifies its location on a computer network. It’s normally displayed in the address bar at the top of a browser in the following format:

Here are the parts of this URL:

  • https:// = Protocol
  • www. = Host name
  • it.wisc.edu = Name of site
  • /learn/ = Directory path
  • securing-your-computer/ = Absolute path

How do I hover over a hyperlink to see where it goes?

Take your cursor and place it over the top of the hyperlink (without clicking). The hyperlink’s destination will appear on your computer screen.

For example: hover over this hyperlink: Securing Your Computer (Source: it.wisc.edu). The source states it’s from “it.wisc.edu”. As you hover over it you should see the following URL address on your computer screen: https://it.wisc.edu/learn/securing-your-computer/

How do I enable URL link previews in Safari?

  1. Launch Safari on your Mac.
  2. Go to View > Show Status Bar.
  3. The URL-peeking Status Bar should now appear at the bottom left of the window any time you hover over a hyperlink on the web page.

How do I enable URL link previews on iPhone or iPad?

  1. Open a page in Safari on your iPhone or iPad.
  2. Tap and hold any link on the page.
  3. If you’re running iOS 13, iPadOS 13, or higher, you will see a thumbnail preview of the page pop-up. To preview the URL instead, tap the “Hide Preview” button located at the top of the pop-up window.

How do I preview a link in Windows?

  1. To preview a link, simply tap and hold.
  2. You can toggle this feature on or off via Settings > Link Preview.

How can I preview links in the Chrome Android app?

  1. Go to any link on a web page and tap and hold on it until a menu pops up.
  2. Select the “Preview page” option from the list. A preview will open up and show at the very bottom of the screen.
  3. To fully open the preview, you can either tap on it or swipe upwards from the bottom.

How do I report phishing?

Outlook users:

To report phishing emails received via Outlook, please click the “Report Suspicious” button (images shown below) in the top ribbon/toolbar, or click the ellipses (…) to expand a drop-down menus to see the new add-in. This action will send the questionable email to the security team for review.

report suspicious action button or MacOS report suspicious button

Non-Outlook users:

If you use a non-Microsoft supported email client (e.g., Thunderbird, Apple Mail, Android/iOS native mail, etc.) or an older version of Outlook (2007/2010/2013) you should simply forward the suspicious message to report-spam@doit.wisc.edu.

For additional information, please refer to: Microsoft 365 – Report Suspicious message (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, or what you should do with it, do not respond to it! Instead, contact the DoIT Help Desk (Source kb: wisc.edu) for advice.

What are the advantages of blocking automatic picture/image downloads in email messages?

  • Helps you avoid viewing potentially offensive material (when external content is linked to the message).
  • Helps to keep malicious code from damaging the data on your computer.
  • If you are on a low-bandwidth connection, blocking allows you to decide whether a particular image warrants the time and bandwidth that are required for downloading it.

Pictures in email messages that are actually linked and downloaded from the Internet can also be used as a way to confirm that you opened the message. This is known as a web beacon. For example, a junk email sender can confirm that they have reached an active email address when the picture/image in the message is downloaded.

Outlook on the web: How to block images/pictures from automatically downloading in an email?

“Outlook on the web” is when you access Office 365 from a browser (i.e., Chrome, Safari, Firefox, etc.). Fortunately, there is not a global setting to always download images/pictures for every message. Instead, you will see the message below and manage this option for every email or add the message sender to your safe sender’s list. Outlook on the web option to download email images

Once you select, “I trust content from …..” all future email images/pictures from that sender will automatically download.

Outlook for Windows: How to block images/pictures from automatically downloading in an email?

When viewing an email that contains images/pictures either within your preview window or its own window, you will have the option to either load the image/picture or add the sender to your safe sender’s list. Right click to download pictures or to add sender to safe sender’s list.

Outlook for Windows: option to download email images

Outlook for Mac: How to block images/pictures from automatically downloading in an email?

  1. On the Outlook menu, click Preferences
  2. Under Email, click Reading
  3. Next to Download external images, select Ask before downloading

Related docs

More Guides on Cybersecurity Topics (Source: it.wisc.edu)