Topics Map > Security
Topics Map > Microsoft 365 > Email
On Campus Phishing Campaign (Phishline)
What is phishing?
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. These are most often in the form of an email asking for personal information in order to "reactivate a suspended account" or "check on suspicious activity." Phishing emails often mimic the look and feel of an official email sent from an institution you trust, such as a bank, university, or credit card company. Although most "phishes" come as email, phishing scams can also come in the form of text messages and phone calls.
If you are not sure if the email is legitimate, call the company, bank, or university to verify that the email was sent from them. Remember: No university, bank, or company will ever ask you to verify personal information via email.
How am I generally protected from phishing emails?
To reduce the number of potentially malicious messages you receive, all inbound messages are scanned and rated. If it is determined a message has a high likelihood of being a phish, the message is moved into the user's Junk folder (unless the user overrides it).
Additionally, if phish/spam filter rules are also triggered, the message's Subject line is modified with (SCAM) and a warning prepended to the body of the message.Once messages are delivered to Inboxes, they are not scanned again by the email system.
Users may rely on endpoint software protection such as antivirus, but those systems can be evaded. Sometimes phishing emails get through because the phishing email is structured cleverly enough to look like a legitimate message. That is the whole point - to trick the recipient into thinking it is a legitimate email so that they fall for the trap. Follow these steps in determining if an email that you received is a phishing email or a legitimate email.
Phishing emails often:
- Urge you to take immediate action with some kind of threat
- Contain grammatical errors (but that's improving)
- Email is NOT digitally signed
- URLs are hyperlinked in text such as "Click Here"
- Images within the email link to a website
How to check if an email is phishing:
- Look the sender up in the UW campus directory.
- Google their name to see if they are who they say they are.
- If there are URLs or hyperlinks, hover the cursor over them, but DO NOT click them. Hovering over the link should display the actual URL and will help determine if the email is valid.
How to protect yourself from phishing attacks:
- Avoid opening attachments or clicking on any links in emails until you confirm the email is legitimate.
- Avoid forwarding the questionable email to others, asking them if they think it is a phishing email.
- Configure your email to NOT display any images without asking first. (Phishing emails can embed malicious code behind an image that will automatically download spyware, malicious code and other nasty stuff.)
- Send the questionable email to firstname.lastname@example.org or send a separate email to the supposed sender, not from the email itself.
- When you are unsure, ask!
How to Report a Phishing Attempt
To report general phishing emails, go to www.antiphishing.org.
To report phishing emails that appear to be from within the UW-Milwaukee campus, report the incident online, forward the message to email@example.com or contact the Help Desk
I mistakenly clicked a link and my account is now disabled
Please contact the UWM Help Desk at 877-381-3459, 414-229-4040 or via our online form at https://uwm.edu/technology/request-support/. Our Help Desk team members will be able to help!