Beginning June 1, scammers sent several people on campus a phishing email message that appears to come from a legitimate wisc.edu email account but is actually a forgery. The subject line reads “ATTENTION.” The body of the email describes a problem with the user’s Office 365 login and multiple university portals and contains several errors in punctuation and grammar. The body of the message also contains a link to a malicious webpage.
The full message reads:
From: [Redacted]
To:
Date: Wednesday, June 1, 2022 8:52 AM
Subject: ATTENTION
We notice that your office 365 has two info different logins with two universities portals. Kindly indicate the two info logins as soon as possible. To avoid termination of both logins within 24 hours,we expect your to strictly adhere and address it. You are advised to keep the same password using the button below to avoid losing your data. Click here
Emails of this kind are difficult to detect and block with security tools because they come from actual compromised UW–Madison email accounts. For this reason, it’s vital that we are all vigilant against them and able to recognize them.
Recognizing Phishing Email
You can recognize this message by some of the classic signs of phishing emails:
- The tone of the email conveys a sense of urgency.
- The email contains grammatical errors.
- The email contains contextual errors, e.g., this email referred to the “IT Desk” instead of the “Help Desk.”
What to do if you receive a phishing email message
If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu.
If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice.
If you or someone you know replied to such a message and lost funds as a result, report it to:
- Cybersecurity Operations Center (CSOC) at cybersecurity@cio.wisc.edu
- Departmental Leadership
- Departmental finance team (if university funds were used)
- The UW–Madison Police Department
- Relevant banking institution
If you or someone you know responded to such an email and received a text message, ignore it or block the sender.
Additional references
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
- https://www.sans.org/newsletters/ouch/ceo-fraud-bec/
- https://www.aarp.org/money/scams-fraud/info-2019/business-email-compromise.html