fish caught in a net

Email phishing alert: subject line “ATTENTION!!!”

Beginning June 1, scammers sent a phishing email message to several people on campus that appears to come from a legitimate email account but is actually a forgery. The subject line reads “ATTENTION.” The body of the email describes a problem with the user’s Office 365 login and multiple university portals and contains several errors in punctuation and grammar. The body of the message also contains a link to a malicious webpage.

The full message reads:

From: [Redacted]
Date: Wednesday, June 1, 2022 8:52 AM

We notice that your office 365  has two info different logins with two universities portals. Kindly indicate the two info logins as soon as possible. To avoid termination of both logins within 24 hours,we expect your to strictly adhere and address it. You are advised to keep the same password using the button below to avoid losing your data. Click here

This kind of email is difficult to detect and block with security tools because they come from actual compromised UW–Madison email accounts. For this reason, it’s vital that we are all vigilant against and able to recognize them.

Recognizing Phishing Email 

You can recognize this message by some of the classic signs of phishing emails:

  • The tone of the email conveys a sense of urgency. 
  • The email contains grammatical errors.
  • The email contains contextual errors, e.g., this email referred to the “IT Desk” instead of the “Help Desk.”

What to do if you receive a phishing email message

If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice. 

If you or someone you know replied to such a message resulting in the loss of funds, report it to:

If you or someone you know responded to such an email and received a text message, ignore them or block them.

Additional references

Historical UW–Madison awareness on specific business email compromise (BEC) campaigns: