Email fish on hook.

8/29 phishing alert! Subject: “School Job Offer”

The UW–Madison Office of Cybersecurity is aware of an active phishing campaign on campus. In it the attacker is advertising a part-time, work-from-home job with $400 pay for 2-3 hours of work.

The email comes from a legitimate account and contains a link to “Apply here” which leads to a Google form.

An example email reads as follows. Please note this is one example; you may see a different variation, but this warning remains relevant.

Date: Date: Monday, August 29, 2022 at 11:47 AM
Subject: School Job Offer

Approved Job for the School

Personal Assistant Service


All Email recipients of  University Of Wisconsin-Madison are encouraged to be a part of this amazing offer.  This is a part time job that will not affect your present employment or study at the campus & you’ll be working from home. It’s fun, rewarding, and flexible.

2-3 hours daily

Four Hundred Dollars ($400)

Part-Time Job


To apply, Be sure to visit the link below.

Apply Here

The goal of such job scams is to trick the unwary into sending money to the scammer using a variety of pretenses, often involving fake checks. For more about recognizing job scams, see the following articles:

The most recent phishing emails of this type were seen on Monday, August 29, but such attacks can occur at any time. Please be on the lookout for such scams.

What should I do if I accidentally opened the attachment?

Scan your device for viruses as a precaution.  See the Virus Information Center for details.

Reporting a phishing campaign

Outlook users:
To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC).

Non-Outlook users: 
If you do not see the “Report Phishing” button, then forward the message as an attachment  (Source: KB 34567) to Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.