To report a IT security incident or concern, contact the Help Desk at 262-472-HELP(4357) or via email at helpdesk@uww.edu.
If you accidentally click on a link of a suspicious email or share your credentials, immediately contact the Help Desk. In the event that your account is compromised, ICIT will reset your password and freeze outgoing email functionality in order to protect other users. Once ICIT cleans up your account, it may take up to two business days for outgoing email access to be restored.
Phishing scams are designed to trick recipients into sharing login credentials in order to gain access to the recipients account. Another common method of gaining access to sensitive information is to send the recipient an attachment containing a virus that infects the computer. The viruses can be designed to:
The senders of these malicious emails typically go to great lengths to make the malicious email look like a legitimate email. Often this is accomplished by using a logo or branding from a legitimate company or entity, or by "spoofing" a trusted email address to make it the email appear legitimate. Once an email account is compromised, it is often used to bombard other email users with the same malicious email.
This phishing message attempts to mimic a common automated message.
|
This phishing email attempts to mimic a message from a real company by utilizing the company's logo in the email header. Users who click the link are rerouted to a legitimate-looking webpage asking them to login. Rather than logging into the company's portal, the user is inadvertently providing their login credentials (e.g. - NetID and password). |
This malicious email spoofs a UWW.edu email address in an attempt to make it appear like it was sent from a campus email account. The file attached to this email contained a virus. |
This phishing email attempts to leverage an existing company's brand in order to appear legitimate. Notice how another compromised account was used to send this malicious email |
If you receive an unsolicited job offer via email, there is a good chance it may be phony. Especially if it is too good to be true.
Here is how employment scams work:
If you receive a suspicious email - DO NOT OPEN ANY ATTACHMENTS, CLICK LINKS OR REPLY TO THE EMAIL. The best way to combat malicious emails is to report them so they can be blocked from the campus email server and reported to appropriate watchdog agencies.
Using the method below helps retain forensic information used to combat phishing and other types of malicious emails. If you are unable report suspicious emails using the methods described below, you can also forward the message to: suspiciousemail@uww.edu.
For assistance with reporting suspicious emails, please contact the Help Desk at helpdesk@uww.edu or Ext. HELP (4357).
To help maintain the highest levels of network security, ICIT employs multiple methods of educating and warning members of the campus community of new and potential threats.
External Email Tag: In an ongoing effort to combat phishing and email scams, ICIT has enhanced its external email tag to help identify when an email originates from an off-campus address. The goal of this external tag is to help faculty, staff, and students better identify potential phishing attempts, and keep the UW-W community safe from cyber-attacks. The external tag will appear at the top of the email body in all caps and in bold reading, EXTERNAL EMAIL.
When you see this tag, remember this two-step verification process:
You can see an example of what the External Email Tag will look like here: External Email (PDF)
Phishing Email Awareness Campaigns: While ICIT maintains an anti-spam service that blocks thousands of spam messages each week, however, the tactics being used to disseminate phishing scams and malicious email attachments are becoming increasingly complex, allowing some messages that evade the anti-spam filters. For that reason, ICIT will occasionally perform phishing assessments that involve sending out mock phishing and scam emails to the campus community, similar to those targeting the campus in the past. The intent of this effort is to assess campus vulnerabilities to these types of attacks, and so the campus community can better prepare to spot fraudulent messages. These messages will not be harmful in any way, and if you fall victim to one of these mock phishing messages you will be notified immediately and will be taken through a brief training exercise to help you learn how to identify fraudulent messages. For some quick tips on Phishing, check out our "Click Wisely" PDF.
Check out some additional resources to help you catch those Phish!
Cisco Umbrella: Cisco Umbrella is a cloud-delivered security service. Cisco Umbrella uses the internet's infrastructure to block malicious destinations before a connection is ever established. It offers the simplest, fastest way to protect every device on a network. The software acts as a filter in order to stop users from visiting any malicious, vulnerable, or compromised websites.
NEVER SHARE YOUR PASSWORD! (ICIT will never ask for your password)