Phishing Detection and Remediation
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication.
These are most often in the form of an email asking for personal information in order to "reactivate a suspended account" or "check on suspicious activity." Phishing emails often mimic the look and feel of an official email sent from an institution you trust, such as a bank, university, or credit card company. Although most "phishes" come as email, phishing scams can also come in the form of text messages and phone calls. If you are not sure if the email is legitimate, call the company, bank, or university to verify that the email was, in fact, sent from them.
Remember: No university, bank, or company will ever ask you to verify personal information via email.
Components often found in Phishing Emails
- Sender is someone you don't know who's urging you to take immediate action with some kind of threat
- Grammatical errors (but that's improving)
- Email is NOT digitally signed
- URL's are hyperlinked in text such as "Click Here"
- Images within the email
Determining email legitimacy
- If claiming to be UWM staff or student, look them up in the UWM campus directory. Otherwise, Google their name to see if they are who they say they are.
- Avoid opening attachments or clicking on any links until you know for a fact that this is a legitimate email.
- Avoid forwarding the questionable email to others asking them if they think it is a phishing email.
- If there are URLs or hyperlinks, hover the cursor over them, but DO NOT click on it. Your email client will display the actual URL and it will give you an indication if this is legitimate or not.
- Phishing emails can embed malicious code behind an image that will automatically download. Thus, configure you email client to NOT display any images without asking first.
- Relatively advanced emails can even tailor the email's content directly for the recipient.
- If you still have doubts about the legitimacy of the email contact the help desk to follow proper procedures on identifying the source of this email and its legitimacy.
How to Report a Phishing Attempt
To report general phishing emails, please follow the steps in the Phishing Reporting Procedure article. If you have mistakenly interacted with a phishing email (e.g., responded to, clicked an embedded link, provided personal information), please call the UWM Help Desk at 414-229-4040 or dial the Toll Free Number: 877-381-3459.