The UW-Madison Office of Cybersecurity is aware of active campus phishing campaigns in which the attacker impersonates a UW-Madison employee support unit. Campaign emails ask recipients to click a link to visit a fake COVID-19 benefits site to validate their Bitcoin wallet, pledging $ 7,750 worth of Bitcoin in financial aid. See text included below.
Dated: Wed 08/25/2021 9:24 AM
In response to the current challenges due to the COVID-19 pandemic, the University of Wisconsin-Madison has decided to support all students and employees to get through these difficult times.
The University of Wisconsin-Madison COVID-19 Support Program provides $ 7,750 in bitcoin to help all eligible students and employees who are experiencing financial hardship due to the coronavirus pandemic, from Wednesday 25 August 2021.
Visit the University of Wisconsin COVID-19 Support Page and validate your Bitcoin wallet to receive your payment.
To note: This Covid-19 support program is powered by Bitcoin (₿) and the University of Wisconsin-Madison to help support amid the COVID-19 crisis.
COVID-19 Support Team
University of Wisconsin-Madison
The most recent phishing emails that look like this example were sent on the morning of Wednesday, August 25, but such attacks can happen at any time. Be on the lookout for such scams. You can recognize them in the following ways:
- Hover over the links, without clicking on them. Most email clients, including Outlook and O365 Online, will display the destination URL. In this case, the URL is clearly not associated with the University.
- Carefully inspect the URLs. Some scammers will try to trick you into including relevant keywords like the name of the company they are impersonating – look at the entire URL to make sure it includes a legitimate domain name in the correct location, for example , “wisc.edu”.
- If in doubt, do not click on the link, but go directly to the legitimate and relevant website and look for the confirmation of the email message.
What should I do if I accidentally clicked on the link?
Immediately change your NetID password by following the instructions in NetID: Changing a Password (Source: KB 20589).
Report a phishing campaign
Finally, if you suspect a phishing campaign, please report it! The best way to report spam and phishing attempts is to use Outlook’s built-in reporting options. Get detailed instructions here.