University of Wisconsin–Madison
Laptop with multiple fish around a fishing pole on screen.

Watch for a human resources phishing attempt

The UW–Madison Office of Cybersecurity is aware of an active phishing campaign in which the attacker impersonates the recipient’s  Human Resources department. While UW–Madison is not currently a target, please be vigilant if you receive an email from the Office of Human Resources inviting you to a Zoom meeting to discuss a “Contract Suspension/Termination Trial”.

How can I identify this phishing attempt?

  • Be on alert for an email with an invitation to attend a Zoom meeting to discuss your  Q1 performance with the topic “Contract suspension/Termination Trial”.
  • The email contains a link to a realistic Zoom login page hosted on a fake site such as  “zoom-emergency.myftp.org” as opposed to a “zoom.us” site. Links to the phishing page are hidden in text used in automated meeting notifications such as “Join this Live Meeting”.
  • The email directs you  to log in using your  email address and password in an attempt to steal your credentials. 
  • To view the sample “Contract suspension/Termination Trial“ Zoom phishing email go to: https://www.grahamcluley.com/urgent-zoom-meeting-hr-phishing/.

Remember: Never share your NetID password with anyone or use it on another site. 

What should I do if I receive this phishing attempt?

Use the option in Outlook to “Report a Phish” and it will be deleted from your inbox. For more details, see Office 365 – Submit a message as spam/phishing (Source: KB 45051)

What should I do if I accidentally clicked the “join” button?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

How can I learn how to recognize other phishing attempts?

Go to Learn how to recognize and report phishing (Source: it.wisc.edu).

Stay updated on phishing attempts by visiting our Scam alerts page (Source: it.wisc.edu)

If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at https://kb.wisc.edu/helpdesk/ or at 608.264.4357 for advice. The UW–Madison Office of Cybersecurity will then block the criminal element from sending further emails and gather evidence for eventual prosecution of the crime.