University of Wisconsin–Madison
A thief with a fishing pole catching a key

6/7 Phishing Alert: Subject – “support team”

The UW–Madison Office of Cybersecurity is aware of active phishing campaigns on campus in which the attacker impersonates UW–Madison employee support units. The campaign’s email messages ask recipients to click a link to visit a fake COVID-19 benefits site, promising $2,300 in financial assistance. See the included text below.

Date: Tuesday, June 15, 2021 at 1:03 PM
Subject: support team

In response to the current hardship in the community due to the COVID-19 pandemic, University of Wisconsin has decided to support all employees to get through these hard times.

The University of Wisconsin Employee Support Program provides $2300 in assistance for qualifying employees who are experiencing financial hardship due to the coronavirus pandemic, starting from today, Sunday, Jun 6th, 2021.

Visit the UW COVID-19 Benefits  [link removed for safety] page and follow all instructions carefully and enter the most appropriate details to successfully register.

Note:  This Covid-19 Support program is Powered by Green dot and University of Wisconsin to help support amid the COVID-19 crisis, supporting our employee and the communities are essential during these challenging times.

Note: To help provide immediate grants to qualifying employees an ID verification is required, for your application will not be processed if your ID isn’t verified.


COVID-19 support team
University of Wisconsin
Employee support program
Land-grant university in
Madison, Wisconsin

The most recent phishing emails that look like this example were sent on the morning of Monday, June 7, but such attacks can occur at any time. Please be on the lookout for such scams. You can recognize them in the following ways:

  • Hover over links, without clicking them. Most email clients, including Outlook and O365 online will show the destination URL. In this case, the URL is clearly not associated with the University.
  • Inspect URLs closely. Some scammers will try tricking you out by including relevant sounding keywords like the name of the company they’re impersonating – look at the whole URL to make sure it includes a legitimate domain name in the correct placement, e.g., “”
  • If in doubt, don’t click the link but browse directly to the legitimate, relevant website and look for confirmation of the email message.

What should I do if I accidentally clicked the link?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

Reporting a phishing campaign

Finally, if you suspect a phishing campaign, please report it!  The best way to report spam and phishing attempts is with Outlook’s built-in reporting options. Get detailed instructions here.