Every month, beginning in late June, UW System will conduct a phishing awareness exercise for UW–Madison faculty and staff. This monthly phishing awareness exercise is a requirement for all UW System schools, per the UW System Board of Regents.
Please treat this phishing awareness exercise in the same manner as you would any other phishing attempt. Be skeptical and look for these warning signs:
- Message is unsolicited and asks you to update, confirm or reveal personal identity information (e.g., full SSN, account numbers, NetID, passwords, protected health information).
- Message creates a sense of urgency.
- Message has an unusual From address or an unusual Reply-To address instead of an @wisc.edu address.
- The (malicious) web site URL doesn’t match the name of the institution that it allegedly represents.
- The initial part of the URL doesn’t have an “s” after “http” indicating it is not a secure site.
- Link in the pop-up doesn’t match the printed text.
- Message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
- Grammatical errors.
To learn more about protecting yourself online, go to Scams To Avoid: Protecting Your Online Identity (Source: it.wisc.edu). Keep in mind that the best way to report spam and phishing attempts is with Outlook’s built-in reporting options. Get detailed instructions on how to submit a message as spam in Office 365.
If you are not using Outlook, it is still possible to report the message as spam/phishing, so that UW–Madison’s spam/phishing filtering system can be adjusted to catch similar messages in the future. To report a message as spam, forward the message as an attachment to report-spam@doit.wisc.edu. To report phishing, forward the message as an attachment to abuse@wisc.edu.
If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk and ask for advice.
If you have questions or comments, please contact cybersecurityawareness@cio.wisc.edu.