Beginning on May 14, scammers sent a phishing email message to several people on campus that appears to be from the “IT Desk,” but was actually a forgery. The subject line reads “IT Security Update.” The body of the email contained a message beginning “Dear User, You have exceeded your limit, your account will stop receiving messages…” and prompts the recipient to open an attachment with the file name QRWisc.htm in order to stop deactivation.
The full message reads:
Date: Sat 5/14/2022 11:55PM
Subject: IT Desk Message Incident #192214-New Messages Will return
You have exceeded your limit, your account will stop receiving messages. Incoming messages will return to the sender. To reset, see the attached file to this email, to avoid losing incoming messages.
University of Wisconsin System
The incident number in the email text may vary.
If one clicks the attachment, they are taken to a webpage containing a form designed to harvest personal information. A screenshot of that page follows:
This kind of email is difficult to detect and block with security tools because they come from actual compromised UW–Madison email accounts. For this reason, it’s vital that we are all vigilant against and able to recognize them.
Recognizing Phishing Email
You can recognize this message by some of the classic signs of phishing emails:
- The tone of the email conveys a sense of urgency.
- The email contains grammatical errors.
- The email contains contextual errors, e.g., this email referred to the “IT Desk” instead of the “Help Desk.”
What to do if you receive a Phishing email message
If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to firstname.lastname@example.org.
If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice.
If you or someone you know replied to such a message resulting in the loss of funds, report it to:
- Cybersecurity Operations Center (CSOC) at email@example.com
- Departmental Leadership
- Departmental finance team (if used university funds)
- The UW–Madison Police Department
- Relevant Banking institution
If you or someone you know responded to such an email and received a text message, ignore them or block them.