UW–⁠Madison Information Technology
Connecting & supporting our digital campus
Laptop with multiple fish around a fishing pole on screen.

6/28 Phishing Alert: Subject – “IRS Announces New Programs That Forgives Millions”

Posted by Kyle Henderson on June 28, 2021

This article was published on June 28, 2021 and has not been updated since. It remains published for archival purposes, but its subject matter may be out of date.

The UW–Madison Office of Cybersecurity is aware of an active phishing campaign on campus in which the attacker offers to “Check your Availability for the TAX Fresh Start Program.” See the screenshot below.

NOTE: The most recently reported phishing email like this example was sent June 28, but such attacks can occur at any time. Please be on the lookout.

Phishing scam Jun 28 IRS

How can I identify this phishing attempt?

  • The subject line contains a spelling/grammatical error: “Programs that forgives.”
  • The from address has nothing to do with the IRS. It’s from a penerith.com domain.
  • The URL behind the hyperlinked “check your availability” text goes to a non-IRS domain, also penerith.com.

Always scroll over each hyperlink

The most important habit to practice in order to protect yourself from phishing attempts is to always scroll over each hyperlink, whether words or URL, to see what web address the link actually goes to. When you scroll over a hyperlink, its destination URL displays as a tool tip.

What should I do if I receive this phishing attempt?

Outlook users:
To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC). 

Non-Outlook users: 
If you do not see the “Report Phishing” button, then forward the message as an attachment  (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.

What should I do if I accidentally clicked one of the fake portal links?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

How can I learn how to recognize other phishing attempts?

Go to Learn how to recognize and report phishing (Source: it.wisc.edu).

Stay updated on phishing attempts by visiting our Scam alerts page (Source: it.wisc.edu).