Phishing Detection and Remediation

What is phishing?

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. These are most often in the form of an email asking for personal information in order to "reactivate a suspended account" or "check on suspicious activity." Phishing emails often mimic the look and feel of an official email sent from an institution you trust, such as a bank, university, or credit card company.  Although most "phishes" come as email, phishing scams can also come in the form of text messages (SMShing) and phone calls (Vishing).

If you are not sure if the email is legitimate, call the company, bank, or university to verify that the email was, in fact, sent from them.  
Remember: No university, bank, or company will ever ask you to verify personal information via email.

For more information on phishing, please visit the Security Website at

How am I Protected from Phishing emails?

To reduce the number of potentially malicious messages you receive, all inbound messages are scanned by an external vendor application. If the application determines that a message has a high likelihood of being a phish, the message is moved into the user's Junk folder (unless the user overrides it).  Additionally, if phish/spam filter rules are also triggered, the message Subject line is modified with [SCAM] and a warning prepended to the body of the message.

Once messages are delivered to Inboxes, they are not scanned again by the email system.  Users may rely on endpoint software protection such as antivirus, but those systems can be equally evaded. Sometimes phishing emails get through because the phishing email is structured cleverly enough to look like a legitimate message.  That is the whole point - to trick the recipient into thinking it is a legitimate email so that they fall for the trap.  Follow these steps in determining if an email that you received is a phishing email or a legitimate email.

Components often found in Phishing Emails

  1. Sender is someone you don't know who's urging you to take immediate action with some kind of threat
  2. Grammatical errors (but that's improving)
  3. Email is NOT digitally signed
  4. URL's are hyperlinked in text such as "Click Here"
  5. Images within the email

Determining email legitimacy

  1. If claiming to be UW staff or student, look them up in the UW campus directory.  Otherwise, Google their name to see if they are who they say they are.
  2. Avoid opening attachments or clicking on any links until you know for a fact that this is a legitimate email.
  3. Avoid forwarding the questionable email to others asking them if they think it is a phishing email.
  4. If there are URLs or hyperlinks, hover the cursor over them, but DO NOT click on it.  Your email client will display the actual URL and it will give you an indication if this is legitimate or not.
  5. Phishing emails can embed malicious code behind an image that will automatically download. Thus, configure you email client to NOT display any images without asking first.
  6. Relatively advanced emails can even tailor the email's content directly for the recipient.
  7. If you still have doubts about the legitimacy of the email contact the help desk to follow proper procedures on identifying the source of this email and its legitimacy.

How to Report a Phishing Attempt

To report general phishing emails, go to To report phishing emails that appear to be from within the UW-Madison campus, go to Report an Incident.

I mistakenly clicked a link and my account is now disabled

If your account was disabled due to accidentally responding to a phishing scam, you must contact the DoIT Help Desk at (608) 264-HELP. One of our senior agents will review your account to check for malicious activity, re-activate your NetID services, and reset your password.

Keywords:phish university bank company scams suspicious suspended disabled digitally signed junk folder filter   Doc ID:52781
Owner:Kim M.Group:Office of Cybersecurity
Created:2015-06-18 15:54 CDTUpdated:2021-10-18 12:16 CDT
Sites:DoIT Help Desk, DoIT Tech Store, Office of Cybersecurity
Feedback:  11   10