The UW–Madison Office of Cybersecurity is aware of an active phishing campaign in which the attacker impersonates the recipient’s Human Resources department. While UW–Madison is not currently a target, please be vigilant if you receive an email from the Office of Human Resources inviting you to a Zoom meeting to discuss a “Contract Suspension/Termination Trial”.
How can I identify this phishing attempt?
- Be on alert for an email with an invitation to attend a Zoom meeting to discuss your Q1 performance with the topic “Contract suspension/Termination Trial”.
- The email contains a link to a realistic Zoom login page hosted on a fake site such as “zoom-emergency.myftp.org” as opposed to a “zoom.us” site. Links to the phishing page are hidden in text used in automated meeting notifications such as “Join this Live Meeting”.
- The email directs you to log in using your email address and password in an attempt to steal your credentials.
- To view the sample “Contract suspension/Termination Trial“ Zoom phishing email go to: https://www.grahamcluley.com/urgent-zoom-meeting-hr-phishing/.
Remember: Never share your NetID password with anyone or use it on another site.
What should I do if I receive this phishing attempt?
Use the option in Outlook to “Report a Phish” and it will be deleted from your inbox. For more details, see Office 365 – Submit a message as spam/phishing (Source: KB 45051)
What should I do if I accidentally clicked the “join” button?
Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).
How can I learn how to recognize other phishing attempts?
Go to Learn how to recognize and report phishing (Source: it.wisc.edu).
Stay updated on phishing attempts by visiting our Scam alerts page (Source: it.wisc.edu)
If you are ever unsure whether an email message is legitimate, do not respond to it. Contact the DoIT Help Desk at https://kb.wisc.edu/helpdesk/ or at 608.264.4357 for advice. The UW–Madison Office of Cybersecurity will then block the criminal element from sending further emails and gather evidence for eventual prosecution of the crime.