As we return to campus for another wonderful year, the amount of email in our inboxes is set to rise. It’s important that we’re cautious when it comes to digital security—and to remain aware of potential phishing scams, their warning signs, and what to do if we get caught in one.
What is phishing?
Phishing is a form of fraud where a scammer attempts to have you reveal personal, financial or confidential information by posing as a reputable entity via electronic communication. A phishing attempt will try to entice you to open an attachment or click on a link to a site that appears legitimate. Even if the request looks genuine, be skeptical.
Here are some warning signs of a phishing attempt:
- The message is unsolicited and asks you to update, confirm or reveal personal information (eg, full Social Security numbers, account numbers, NetID, passwords, protected health information).
- The message creates a sense of urgency.
- The message has an unusual From address or an unusual Reply-To address; it may also come from a compromised “@wisc.edu” address.
- The message may not be personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
- There may be grammatical errors.
How to report a phishing attempt?
Outlook users:
To report phishing emails received via Outlook, click the “Report Suspicious” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to our security team for review.
Non-Outlook users:
If you are using any non-Microsoft email client (eg, Thunderbird, Apple Mail, Android/iOS native mail, etc), you will not see the “Report Suspicious” action button. However, it is still possible to report the message as spam/phishing by forwarding it to report-spam@doit.wisc.edu.
What else?
For additional information on how to avoid phishing, smishing or other forms of scams, check out the following articles: