University of Wisconsin–Madison
Laptop with multiple fish around a fishing pole on screen.

10/11 Phishing Alert! Subject: “Evaluation of State Retirement Benefits for University of Wisconsin System”

The UW–Madison Office of Cybersecurity is aware of active phishing campaigns on campus in which the attacker impersonates a consultant offering retirement advice. The email message asks recipients to click a link to schedule an appointment, or to unsubscribe. See the included text below.

From: REDACTED
Date: Tuesday, October 12, 2021 at 2:31 PM
To: REDACTED
Subject: Evaluation of State Retirement Benefits for University of Wisconsin System

Employee REDACTED,

Each year, as an employee of University of Wisconsin System you are eligible to schedule a phone call or teleconference meeting with a representative for answers to your specific state, federal and individual retirement benefit questions.

At your consultation you will be provided with information on what your potential income can be when you retire, and how much longer you may have to work. You will also receive advice on the best ways to utilize your options with your pension and/or Social Security benefits.

Please be sure to indicate which type of appointment you prefer (phone call or teleconference) in the notes section while scheduling. Please also include your direct cell phone number.

Appointments fill up quickly. Secure your spot by clicking on the link below or simply reply “yes” to this email.

Click Here [link redacted]

Licensed representatives are not employees of the college or state retirement system. All representatives are independent and licensed by the state department of insurance.

To opt out of future mailings, click on the following link:
Unsubscribe [link redacted]

The most recent phishing emails that look like this example were sent on the afternoon of Tuesday, October 12, but such attacks can occur at any time. Please be on the lookout for such scams. You can recognize them in the following ways:

  • Hover over links, without clicking them. Most email clients, including Outlook and O365 online will show the destination URL. In this case, the URL is clearly not associated with the University.
  • Inspect URLs closely. Some scammers will try tricking you out by including relevant sounding keywords like the name of the company they’re impersonating – look at the whole URL to make sure it includes a legitimate domain name in the correct placement, e.g., “wisc.edu.”
  • If in doubt, don’t click the link but browse directly to the legitimate, relevant website and look for confirmation of the email message.

What should I do if I accidentally clicked the link?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

Reporting a phishing campaign

Finally, if you suspect a phishing campaign, please report it!  The best way to report spam and phishing attempts is with Outlook’s built-in reporting options. Get detailed instructions here.