University of Wisconsin–Madison
A thief with a fishing pole catching a key

Warning: Active Phishing Campaigns

The UW–Madison Office of Cybersecurity is aware of active phishing campaigns on campus in which the attacker impersonates UW–Madison Information Technology service units. Two distinct phishing campaigns have been reported. See the screenshots below.

Both campaign’s email messages ask recipients to click a link to either update their email account or to verify their email address, depending on the variant received.  

Example 1

NOTE: This phishing campaign is ongoing, sent from different compromised accounts and leading to similar links to illegitimate sites/fake portals. The most recent phishing emails that look like this example were sent the evening of Tuesday, April 6 into early morning Wednesday, April 7, but the attacks can occur at any time. Please be on the lookout.

phishing email screenshot

Example 2

screenshot of a second variant of a phishing campaign email

How can I identify these phishing attempts?

  • Be on alert for an email purporting to be from either “from University of Wisconsin–Madison- Information Technology Services” or the “IT Help Desk.” Both include a request to click a link to either either verify your email address or update your email account.  
  • The email contains a link to a website that doesn’t have a domain. 
  • The email links to a fake web portal login screen.

What should I do if I receive this phishing attempt?

Use the option in Outlook to “Report a Phish” and it will be deleted from your inbox. For more details, see Office 365 – Submit a message as spam/phishing (Source: KB 45051)

What should I do if I accidentally clicked one of the fake portal links?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

How can I learn how to recognize other phishing attempts?

Go to Learn how to recognize and report phishing (Source:

Stay updated on phishing attempts by visiting our Scam alerts page (Source:

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at or at 608.264.4357 for advice. The UW–Madison Office of Cybersecurity will then block the criminal element from sending further emails and gather evidence for eventual prosecution of the crime.