Laptop with multiple fish around a fishing pole on screen.

Email phishing alert: Subject line “IT Desk Message Incident…”

Beginning on May 14, scammers sent a phishing email message to several people on campus that appears to be from the “IT Desk,” but was actually a forgery. The subject line reads “IT Security Update.” The body of the email contained a message beginning “Dear User, You have exceeded your limit, your account will stop receiving messages…” and prompts the recipient to open an attachment with the file name QRWisc.htm in order to stop deactivation. 

The full message reads:

From: [Redacted]
To:
Date: Sat 5/14/2022 11:55PM
Subject: IT Desk Message Incident #192214-New Messages Will return

Dear User,

You have exceeded your limit, your account will stop receiving messages. Incoming messages will return to the sender. To reset, see the attached file to this email, to avoid losing incoming messages.   

IT Desk
University of Wisconsin System
©2022
University of Wisconsin Madison banner and crest  

The incident number in the email text may vary.

If one clicks the attachment, they are taken to a webpage containing a form designed to harvest personal information. A  screenshot of that page follows:

A fake webform with the heading QUOTA RESET and data entry fields for name, email address, password and other personal information

This kind of email is difficult to detect and block with security tools because they come from actual compromised UW–Madison email accounts. For this reason, it’s vital that we are all vigilant against and able to recognize them.

Recognizing Phishing Email 

You can recognize this message by some of the classic signs of phishing emails:

  • The tone of the email conveys a sense of urgency. 
  • The email contains grammatical errors.
  • The email contains contextual errors, e.g., this email referred to the “IT Desk” instead of the “Help Desk.”

What to do if you receive a Phishing email message

If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice. 

If you or someone you know replied to such a message resulting in the loss of funds, report it to:

If you or someone you know responded to such an email and received a text message, ignore them or block them.

Additional references

Historical UW-Madison awareness on specific BEC campaigns: