UW–⁠Madison Information Technology
Connecting & supporting our digital campus
Criminal with a fishing pole stealing a folder labeled "personal data"

4/8 Phishing alert: Subject line “Subject: University of Wisconsin–‍Madison.Act Now”

Posted by Office of Cybersecurity on April 9, 2025

We have recently identified a phishing scam targeting UW–‍Madison account holders. This scam email purports to be a message from IT warning users that their account is about to be deactivated due to retirement, graduation or transfer. The scammer’s intent is to fool recipients into clicking a link and entering their personal data into a Google form.

This and similar phishing emails appear to come from a legitimate UW–‍Madison email addresses, and include urgent requests with threatening subjects like account deactivation. As with many phishing emails, this one contains grammar and punctuation errors.

Full message

From: [REDACTED]
Date: Tuesday, April 8, 2025 at 3:17 PM
To:
Subject: University of Wisconsin–‍Madison.Act Now

Your account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account, please Verify your email immediately to avoid deactivation.

Please use the following link :

If the above URL does not work, try copying and pasting it into your browser. Google Chrome Browser/Opera browser/Mozilla Firefox/Safari Web browser/ Edge browser etc.

( https://forms.gle/W84W4TvvNnzn55wu6 )

WISC ON FORM CONTENT MEANS==== PASSWORD.

Please note the one-time submission and entry only..

How to Protect Yourself

  1. Verify the Sender: Always check the sender’s email address carefully. Look for any discrepancies or unusual domains.
  2. Be Cautious with Links: Do not click on any links in suspicious emails. Instead, hover over the link to see the actual URL.
  3. Confirm with the Source: If you receive an unexpected Zoom invitation, contact the sender directly through a known and trusted communication channel to verify its legitimacy.
  4. Report Suspicious Emails: If you receive a message like this, you can easily report it using the “report phishing” feature within the Office 365 web or desktop email client or by forwarding the email headers to abuse@wisc.edu.

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at 608-264-4357 for advice.