12/20 phishing alert! Subject: “Salary Increase Notification”

There’s an active phishing campaign on campus in which the attacker impersonates a payroll & employee relations specialist sending information about a pay increase. The email asks recipients to click a link, which opens a Google form. We strongly advise you not to click the link.

The scam emails come from a compromised wisc.edu email address, so don’t be fooled!

Here’s the phishing email’s content:

We became aware of this campaign on the morning of December 20, but such attacks can occur at any time. Please be on the lookout for such scams. This particular scam is recognizable as such because of its poor grammar, spelling and unusual characters or formatting. For example, this email spells Wisconsin with an extra “n”: Winsconsin. Such errors regularly occur in phishing campaigns and other scams.

Reporting a phishing campaign

Outlook users

To report phishing emails received via Outlook, please click the “Report Suspicious” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC).

Non-Outlook users

If you do not see the “Report Suspicious” button, then forward the message as an attachment  (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

Additional info

Please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.