A thief with a fishing pole catching a key

8/25 Phishing Alert! Subject: “Notification”

The UW–Madison Office of Cybersecurity is aware of active phishing campaigns on campus in which the attacker impersonates a UW–Madison employee support unit. The campaign’s email messages ask recipients to click a link to visit a fake COVID-19 benefits site in order to validate their Bitcoin wallet, promising $7,750 worth of Bitcoin in financial assistance. See the included text below.

From: [REDACTED]
Date: Wed 8/25/2021 9:24 AM
Subject: Notification

In response to the current challenges due to the COVID-19 pandemic, the University of Wisconsin–Madison has decided to support all students and employees to get through these hard times.

The University of Wisconsin–Madison COVID-19 Support Program provides $7,750 worth of bitcoin to assist all qualifying students and employees who are experiencing financial hardship due to the coronavirus pandemic, starting from Wednesday, 25 August 2021.

Visit the University of Wisconsin COVID-19 Support page and validate your Bitcoin wallet to receive your payment.

Note:  This Covid-19 Support program is Powered by Bitcoin (₿) and the University of Wisconsin–Madison to help support amid the COVID-19 crisis.

Sincerely,

COVID-19 support team 

University of Wisconsin–Madison

The most recent phishing emails that look like this example were sent on the morning of Wednesday, August 25, but such attacks can occur at any time. Please be on the lookout for such scams. You can recognize them in the following ways:

  • Hover over links, without clicking them. Most email clients, including Outlook and O365 online will show the destination URL. In this case, the URL is clearly not associated with the University.
  • Inspect URLs closely. Some scammers will try tricking you out by including relevant sounding keywords like the name of the company they’re impersonating – look at the whole URL to make sure it includes a legitimate domain name in the correct placement, e.g., “wisc.edu.”
  • If in doubt, don’t click the link but browse directly to the legitimate, relevant website and look for confirmation of the email message.

What should I do if I accidentally clicked the link?

Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).

Reporting a phishing campaign

Outlook users:
To report phishing emails received via Outlook, please click the “Report Phish” button on the toolbar/ribbon located at the top of your page. This action will send the questionable email to the UW–Madison Cybersecurity Operations Center (CSOC). 

Non-Outlook users: 
If you do not see the “Report Phishing” button, then forward the message as an attachment  (Source: KB 34567) to abuse@wisc.edu. Please do not simply forward the questionable email, as this will prevent us from seeing the header of the message and make it difficult to take appropriate action.

For additional information, please refer to: Office 365 – Submit a message as spam/phishing (Source: KB 45051).

If you are ever unsure whether an email message is legitimate, DO NOT RESPOND to it! Instead, contact the DoIT Help Desk (608) 264-HELP (4357) and ask for advice.