Criminal with a fishing pole stealing a folder labeled "personal data"

Scam alert: phishing attempts to access NetID & MFA-Duo credentials

We want to alert you to a recent sophisticated phishing attack the Office of Cybersecurity has become aware of. This email scam incorporates subject lines similar to:

Important Safety Notice – Potential Exposure at the University of Wisconsin <school name> 

URGENT UPDATE: Preventing Virus Spread at UW <school name>

This phishing attempt has not been active on the UW–Madison campus, but we ask you to remain vigilant against these types of attacks.

This phishing email asks you to click on a link that takes you to a cloned UW–Madison NetID login page. Once you enter your username and password on the cloned site and accept a Duo push (or provide a Duo passcode), the criminals have access to your personal information protected by your NetID. With access to this information, criminals could take actions such as rerouting your direct deposit information.

If you receive a suspicious email that includes a sense of urgency, please be cautious and do not click on any links. Report suspected phishing attempts to the UW–Madison Office of Cybersecurity (see guide with instructions below).

In addition, if you receive a Duo Mobile notification on your device that you are not expecting, tap Deny and then tap “Yes” to the “Was this a suspicious login?” question. For more information on how to detect and report phishing attempts and other scams, go to the Learn how to recognize and report phishing guide (source:

If you are ever unsure whether an email message is legitimate, or what you should do with it, do not respond to it! Instead, contact the DoIT Help Desk (source kb: for advice.

—UW–Madison Office of Cybersecurity