Topics Map > Security
Topics Map > Campus Services > E-mail

Security - Example: Phishing attempt 04.29.22

Examples of ways to identify a phishing attempt

How can I tell if a message is legit?

Be suspicious if ANY of these clues appear.... and this example is FULL of them!  Bottom line, ask yourself, Does this make sense??

Part 1: The message

In addition to numerous grammatical and punctuation errors, you will find...

  1. Strange address, NOT uwplatt (even though it claims to be from ITS)
  2. The recipient (To) matches the sender (From)
  3. Updates from ITS will come directly from the Communications and Training Coordinator or through the monthly newsletter; ALSO multi-factor authentication is not limited to our "Email users".
  4. The security of your "spam filter"..??
  5. Hovering over the link displays a very long, suspicious, NON-uwplatt URL
  6. "Failure to update" indicates urgent consequences
  7. All caps indicate urgency, but also... if a campus system needs a password, it will label it "password".
  8. Not our official name, "ITS Help Desk"

    screenshot of phishing message with eight clues highlighted in red

Part 2: The login page

This login page has nothing "official", such as the campus logo or any mention of the University. Also, our multi-factor authentication is provided by Duo, not Microsoft.  Multi-factor authentication is not limited to email; any changes would apply to your entire account, not just Microsoft.

Any password field should be labeled "Password".

Screenshot of fake login screen with "MFA Security" field highlighted with a red box

[Doc 31915 content is unavailable at this time.]

Keywordsfish multi factor authentication log in security phish   Doc ID118274
OwnerDeb M.GroupUW Platteville
Created2022-04-29 13:18:37Updated2024-01-05 10:23:16
SitesUW Platteville
Feedback  0   0