Phishing scam

5 ways to combat phishing attempts

No one is exempt from phishing attempts. Phishing is the use of email and fraudulent websites to trick people into disclosing personal financial or identity information, such as credit card or Social Security numbers, user names (e.g., NetID), passwords and addresses. Although most “phishes” come as email, phishing scams can also come in the form of text messages and phone calls.

The good news is that you can take steps to help prevent getting hacked.

How can you combat dangerous phishing attempts?

  1. Never give away personal information, especially username and password. UW–Madison will never ask for such information in a legitimate communication.
  2. Hover your cursor over hyperlinks to check the URL. DO NOT click it until you verify whether the URL is legitimate.
  3. Look for the tell-tail signs.
  4. If something sounds too good to be true, then it most likely is. This should serve as a sign that you may be the target of a phishing attempt.
  5. Verify the details such as address, phone numbers, etc. are correct by running an Internet search.

To Report Phishing

Outlook users:
To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC). 

Non-Outlook users: 
If you do not see the “Report Phishing” button, then forward the message as an attachment  (Source: KB 34567) to Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, or what you should do with it, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk for advice.