The UW–Madison Office of Cybersecurity is aware of an active phishing campaign on campus in which the attacker impersonates a UW–Madison entity purporting to offer significant pandemic-related financial assistance. See the screenshots below.
NOTE: The most recently reported phishing emails like these examples were sent June 26-28, but such attacks can occur at any time. Please be on the lookout.
How can I identify this phishing attempt?
First, both emails contains grammatical/spelling errors: “all eligible Faculties, Staffs and Students of The University of Wisconsin COVID-19 support” in Example 1 and “support all Student & employees to get through these hard times” in Example 2.
And most importantly, the URL behind the hyperlinked text in each email goes to a non-UW (wisc.edu) domain:
- “University COVID-19 Giveaway” goes to https://c-o-v-i-d-19-wisc.cabanova.com
- “UW COVID-19 Benefits” goes to https://green-dot-wisc.cabanova.com
Always scroll over each hyperlink
The most important habit to practice in order to protect yourself from phishing attempts is to always scroll over each hyperlink, whether words or URL, to see what web address the link actually goes to. When you scroll over a hyperlink, its destination URL displays as a tool tip.
What should I do if I receive this phishing attempt?
Use the option in Outlook to “Report a Phish” and it will be deleted from your inbox. For more details, see Office 365 – Submit a message as spam/phishing (Source: KB 45051).
What should I do if I accidentally clicked one of the fake portal links?
Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).
How can I learn how to recognize other phishing attempts?
Go to Learn how to recognize and report phishing (Source: it.wisc.edu).
Stay updated on phishing attempts by visiting our Scam alerts page (Source: it.wisc.edu).
If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk (608.264.4357) for advice. The UW–Madison Office of Cybersecurity will then block the criminal element from sending further emails and gather evidence for eventual prosecution of the crime.