There’s an active phishing campaign on campus in which the attacker impersonates a payroll & employee relations specialist sending information about a pay increase. The email asks recipients to click a link, which opens a Google form. We strongly advise you not to click the link.
The scam emails come from a compromised wisc.edu email address, so don’t be fooled!
Here’s the phishing email’s content:
Subject line: Salary Increase Notification
Sequel to last week notification, find enclosed here-under the letter summarizing your 16.89 percent salary increase starting 20 December 2023
All documents are enclosed here-under:
NOTE: Your Access is needed to go through the salary increment letter
View files here [a link in the phishing letter]
Payroll & Employee Relations
University of Winsconsin
We became aware of this campaign on the morning of December 20, but such attacks can occur at any time. Please be on the lookout for such scams. This particular scam is recognizable as such because of its poor grammar, spelling and unusual characters or formatting. For example, this email spells Wisconsin with an extra “n”: Winsconsin. Such errors regularly occur in phishing campaigns and other scams.
Reporting a phishing campaign
To report phishing emails received via Outlook, please click the “Report Suspicious” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC).
If you do not see the “Report Suspicious” button, then forward the message as an attachment (Source: KB 34567) to firstname.lastname@example.org. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.
Please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).
If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.