Security -- Spear Phishing

Once responded to, follow-up messages from the predator may ask you to send wire transfers, gift cards, or even charge items on your P-card or personal account.

How to spot a spear phishing attempt

Spear phishing attempts may have one or more of these characteristics:

• Appears to come from a valid name/email address (your boss, a colleague, a trusted contact)
• Includes full signature block of same trusted contact
• Appears to come from a trusted contact but uses a non-UW-Platteville email address (adm.e@ec.rr.com)
• Contains a short, urgent message for the purpose of initiating contact, e.g. “Got a minute?”

Responding to a seemingly harmless message will likely lead to follow-up messages from the predator asking you to send wire transfers, gift cards, or even charge items on your P-card. They may also ask you to share your personal phone number or other information. DO NOT COMPLY.

NOTE: Spear phishing is not limited to email.  Phishing attacks occur via phone, text, apps, social media, and even snail mail.

Handling the suspicious message

The guidelines for handling a spear phishing message are the same for all suspicious messages:

• Ask yourself, “Does this request make sense? Would this person say this?”
• DO NOT REPLY to the message; likewise, do not open any attachments or click any links
• Contact the alleged sender directly via telephone (recommended) or using their official UW-Platteville email address (although that account could be compromised as well)
• Report the incident to the ITS Help Desk at helpdesk@uwplatt.edu

For additional information on phishing, check out these campus resources:

• Video: Phishing at UW-Platteville
• Annotated samples of real-life phishing attempts in the ITS Knowledge Base
• Example phishing email exchange with explanations

If you have questions about spear phishing or information security on campus, please contact the ITS Help Desk at 608.342.1400 or helpdesk@uwplatt.edu.