UW–⁠Madison Information Technology
Connecting & supporting our digital campus
fish caught in a net

2/9 Email phishing alert: Subject line “IT Security Update”

Posted by Office of Cybersecurity on February 9, 2022

This article was published on February 9, 2022 and has not been updated since. It remains published for archival purposes, but its subject matter may be out of date.

Beginning on February 8, scammers sent a phishing email message to several people on campus that appears to be from the DoIT Help Desk, but was actually a forgery. The subject line reads “IT Security Update.” The body of the email contained a message beginning “Your Email account will be De-activated shortly” and prompts the recipient to click a link to a bit.ly shortened  URL to stop deactivation. 

The full message reads:

From: [Redacted]
Reply-To: noreply@wisc.edu” <noreply@wisc.edu>
Date: Tuesday, February 8, 2022 at 9:01 PM
Subject: IT Security Update

Hello
 
Your Email account will be De-activated shortly.
To stop De-activation.

Click Here

Thank you for your understanding.

UW-Madison

DoIT Help Desk

DoIT Help Desk

There is another version of this email with a different link URL, its-support-wisc.weebly.com. When clicked, the link leads to a fake DoIT Login page:

Fake DoIT login form asking for first and lastname, email and password, with a submit button. The word password has incorrect accent makes and the image includes the text "powered by Weebly.

This kind of email is difficult to detect and block with security tools because it lacks tell-tales such as links or attachments and contains limited text. For that reason, it’s vital that we are all vigilant against and able to recognize them.

Recognizing Phishing Email 

You can recognize this message by some of the classic signs of phishing emails:

  • The tone of the email conveys a sense of urgency. 
  • The email contains grammatical errors

What to do if you receive a Phishing email message

If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice. 

If you or someone you know replied to such a message resulting in the loss of funds, report it to:

If you or someone you know responded to such an email and received a text message, ignore them or block them.

Tips for Leadership

Help protect the university and the people in your team, department, unit or division from BEC email scams: 

Establish ahead of time how:

  • Purchases are to be made and by whom
  • You will normally communicate, e.g., only from your @wisc.edu email 
  • Requests can be verified and by whom

Additional references

Historical UW-Madison awareness on specific BEC campaigns: