Over the August 24 weekend, scammers sent phishing email messages to several people on campus. These messages appear to be legitimate but are actually forgeries. Variations of the email were sent from multiple, compromised accounts and with multiple subject lines, including:
- NOTICE BY IT ADMINISTRATOR TO VERIFY YOUR ACCOUNT
- Immediate Action Required: Office 365 Login Credentials
- ACTION NEEDED FROM IT ADMIN
The body of the email urges recipients to change their passwords. It contains errors in punctuation and grammar. The body of the message also contains a link to a malicious webpage.
The full message reads:
From: [Email address redacted]
Sent: Sunday, August 25, 2024 12:32 AM
Subject: NOTICE BY IT ADMINISTRATOR TO VERIFY YOUR ACCOUNT
Importance: High
Recently we have been seeing an increase in phishing attempts, to curb the spread of malware and viruses within our school mails, our IT department recommend you change your password and follow the instructions below. Your details are confidential and the university will keep your account secure for you. You will receive a follow up text once you have completed the form.
To secure your university outlook account or any other institution/work outlook accounts follow the instructions given below:
1. Visit [link redacted] and submit the form
2. Change your password and set a new one
3. Verify your identity when our IT Admin contacts you with the phone number you provide.
Your swift attention to this matter is greatly appreciated.
Best regards,
IT Administration
(Note: This email account is used for sending purposes only and is not monitored for replies.)
To unsubscribe from this group and stop receiving emails from it, send an email to edc+unsubscribe@g-groups.wisc.edu.
This kind of email is difficult to detect and block with security tools because they come from actual compromised UW–Madison email accounts. For this reason, it’s vital that we are all vigilant against and able to recognize them.
Recognizing Phishing Email
You can recognize this message by some of the classic signs of phishing emails:
- The tone of the email conveys a sense of urgency.
- The email contains grammatical errors.
- The email contains contextual errors, e.g., “IT Administrator” instead of “Division of Information Technology.”
What to do if you receive a phishing email message
If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu.
If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice.
If you or someone you know replied to a phishing message, resulting in the loss of funds, report it to:
- Cybersecurity Operations Center (CSOC) at cybersecurity@cio.wisc.edu
- Departmental Leadership
- Departmental finance team (if used university funds)
- The UW–Madison Police Department
- Relevant Banking institution
If you or someone you know responded to such an email and received a text message, ignore them or block them.
Additional references
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise
- https://www.sans.org/newsletters/ouch/ceo-fraud-bec/
- https://www.aarp.org/money/scams-fraud/info-2019/business-email-compromise.html