University of Wisconsin–Madison
Phishing scam

5 ways to combat phishing attempts

No one is exempt from phishing attempts. Phishing is the use of email and fraudulent websites to trick people into disclosing personal financial or identity information, such as credit card or Social Security numbers, user names (e.g., NetID), passwords and addresses. Although most “phishes” come as email, phishing scams can also come in the form of text messages and phone calls.

The good news is that you can take steps to help prevent getting hacked.

How can you combat dangerous phishing attempts?

  1. Never give away personal information, especially username and password. UW–Madison will never ask for such information in a legitimate communication.
  2. Hover your cursor over hyperlinks to check the URL. DO NOT click it until you verify whether the URL is legitimate.
  3. Look for the tell-tail signs.
  4. If something sounds too good to be true, then it most likely is. This should serve as a sign that you may be the target of a phishing attempt.
  5. Verify the details such as address, phone numbers, etc. are correct by running an Internet search.

Who to contact with your questions, concerns or advice

  • If you have any questions regarding sensitive or restricted data, please contact your local IT staff or the DoIT Help Desk for guidance.
  • If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it or forward it to anyone! Instead, contact your local IT staff or the DoIT Help Desk and ask for advice.
  • Report any phishing emails to
  • To report emails that appear to be spam, forward the email to You can also submit offending email using the report spam feature within the web or desktop email client. Learn more about submitting misclassified messages.