A new phishing attack on a Big Ten university reminds us to look out for scam emails, in particular, ones that state they are from the IRS.
Security experts at the University of Michigan are reporting a recent pair of phishing attacks. While the attacks are not directly related to UW-Madison, we have been advised to be on the lookout for similar scams.
At the University of Michigan, the attacker has used compromised accounts to send the emails and collect information through a Google Form. The attacks stated they were “from the IRS,” but included a U of M email.
A second phish attempt was aimed at faculty, asking for a copy of a person’s paper. A link from the email led to a phony copy of the U of M login page. This attempt appears to be more transparent to the user, as many seem to recognize the scam and change their password immediately.
There is a concern that as University of Michigan security experts continue to shut down the attacker, they may move on to other campuses.
- Remember when logging in with your NetID, the URL starts with “https://login.wisc.edu“.
- Never enter your NetID and password if you see a URL that doesn’t start with “https://login.wisc.edu”.
Make sure you are aware of what phishing is, and how to identify phishing attempts in your email.