Phishing is a form of fraud where a scammer attempts to have you reveal personal financial or confidential information by posing as a reputable entity in an electronic communication. Many scammers try to bait you by urging you to respond immediately by clicking a web link that appears official (with all the familiar logos or corporate phrases). Even if the request looks genuine, be skeptical and look for these warning signs:
- The message is unsolicited and asks you to update, confirm or reveal personal identity information (e.g., full SSN, account numbers, NetID, passwords, protected health information).
- The message creates a sense of urgency.
- The message has an unusual From address or an unusual Reply-To address instead of a “@wisc.edu” address.
- The (malicious) web site URL doesn’t match the name of the institution that it allegedly represents.
- The web site doesn’t have an “s” after “http//:” indicating it is not a secure site.
- The link in the pop-up doesn’t match the printed text.
- The message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
- There are grammatical errors.
To Report Phishing or Spam
To report general phishing emails, go to www.antiphishing.org. To report phishing emails that appear to be from within the UW-Madison campus, go to Report an Incident or forward the email to email@example.com. You can also submit offending email using the report spam feature within the web or desktop email client. Learn more about submitting misclassified messages.
If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.
This article was updated on May 14, 2018.