Phishing Campaigns

Information on UW-System Phishing Campaigns

In 2021, UW-System Office of Information Security implemented a Phishing Campaign on all campuses for all employees, including student employees. This phishing simulation emails are used to test and reinforce good behavior and are intended to help employees recognize, avoid and report potential threats that can compromise critical data and systems. Each month, UW-System is using a tool called InfoSec to send an email that appears to be a phish. When an employee clicks on a link within the phishing campaign email, they will be notified that they failed the test and they are directed to an informational site.

Supplemental Training Course

Per UW System Administrative Policy 1032, Information Security: Awareness, after an employee clicks on three phishing campaign emails within a calendar year, they will be enrolled in a short phishing training course. Employees that are enrolled in the supplemental training can expect to see an email from: securityawareness@lists.wisconsin.edu. The email will provide a link to complete the supplemental awareness training. See sample email:

Phishing training email

The supplemental security awareness training will consist of a short video that should take users less than 10 minutes to view and complete. The training must be completed within 30 days of assignment and once enrolled, employees will receive email reminders periodically until the training is completed.  If this training is not completed in 30 days, a report will be sent to Human Resources.  Failure to complete the required training within the specified period may result in disciplinary action. 

For more information about phishing you can contact the Technology Help Desk at 715232-500 or techdesk@uwstout.edu. For questions regarding compliance, please contact the Human Resources department at AskHR@uwstout.edu  

UW-System Phishing Campaign Examples

November Phishing Campaign

November Phishing Campaign
November Email
  • This was an unexpected message granting access to things not requested.
  • Email address is @swift-ness.com and NOT Adobe.
  • Misspellings:
    • adminstrator
    • sing vs sign
    • recieve
    • your vs. you're
  • "Get Started", was a link to a phishing URL.
  • Included a statement at the bottom that could be considered a hint, "Please use caution when click on links in phishing messages"
  • There was a made up address at the bottom

UW System Rates for November

UW-System Phishing 

Institution

Phished Rate

UWSA, UWSS & UWEX

.52%

UW-Parkside

.47%

UW-Milwaukee

1.69%

UW-Eau Claire

1.15%

UW-Green Bay

1.20%

UW-La Crosse

.50%

UW-Oshkosh

.40%

UW-Platteville

.52%

UW-River Falls

.82%

UW-Stevens Point

1.19%

UW-Stout

1.32%

UW-Superior

.60%

UW-Whitewater

.17%

UW-Madison

4.39%

UW-System

2.85 %

October Phishing Campaign


October Phishing Campaign
October phishing example
  • Beware of suspicious subject lines that seem out of the ordinary
  • Look at the sender and the email domain as one way to verify suspicious emails
  • Links in emails can be dangerous. The link in this email was an example of link masking. Hackers use link masking to hide the actual URL of the link. Most browsers will display the true link by hovering the mouse pointer over it.
 

UW-System Phishing Rates for October

UW-System Phishing 

Institution

Phished Rate

UWSA, UWSS & UWEX

3.28%

UW-Parkside

4.85%

UW-Milwaukee

8.64%

UW-Eau Claire

9.31%

UW-Green Bay

10.51%

UW-La Crosse

5.81%

UW-Oshkosh

3.80%

UW-Platteville

8.77%

UW-River Falls

8.07%

UW-Stevens Point

10.34%

UW-Stout

11.81%

UW-Superior

8.9%

UW-Whitewater

9.22%

UW-Madison

5.31%

Systemwide Average

6.71%

September Phishing Campaign

September Phishing Campaign
September Phishing
  • Confirm any unexpected changes in process or requests through a secure line of communication before complying.
  • Investigate the email address itself. In this case, the email address ends with donotrepliee.com
  • Repurposed images and logos from actual companies are used to add a perception of legitimacy to phishing messages.
  • One of the more common signs of a phishing email is misspelling. "Authentcator"
  • QR codes are becoming increasingly popular, but that does not mean they are always safe. they are easy to use, making it easy for you to end up on a malicious website.

UW-System Phishing Rates for September

UW-System Phishing 

Institution

Phished Rate

UWSA, UWSS & UWEX

.34%

UW-Parkside

1.35%

UW-Milwaukee

2.5%

UW-Eau Claire

1.23%

UW-Green Bay

0%

UW-La Crosse

1.3%

UW-Oshkosh

1.41%

UW-Platteville

2.32%

UW-River Falls

1.39%

UW-Stevens Point

3.19%

UW-Stout

1.8%

UW-Superior

2.0%

UW-Whitewater

1.63%

UW-Madison

1.59%

Systemwide Average

1.74%

August Phishing Campaign

August Phishing Campaign
August Phishing Campaign - Fantasy Footbal

Tips for this Month

  • One of the more common signs of a phishing email is bad spelling and incorrect use of grammar ( Games was spelled "Garnes"

  • Investigate the email address itself. In this case, the email address ends with safemessaging.org

  • In cases where you did not initiate the interaction to receive invitations, marketing materials, or newsletters, there is a higher probability that the email is suspect.

  • This was sent out at the same time as many fantasy football leagues were kicking off.

  • An indicator of a potentiality fraudulent email is when all links in a message lead to the same "phishing" URL or address: in this case safemessaging.org

 

UW-System Phishing Rates for August

UW-System Phishing 

Institution

Unique learners

Phished Rate

UWSA, UWSS & UWEX

566

2.5%

UW-Parkside

755

13%

UW-Milwaukee

6977

2.4%

UW-Eau Claire

3170

3.8%

UW-Green Bay

Delivery Failure

0%

UW-La Crosse

1143

3.4%

UW-Oshkosh

2084

2.7%

UW-Platteville

1960

3.3%

UW-River Falls

1349

2.9%

UW-Stevens Point

2231

3.7%

UW-Stout

1335

2.8%

UW-Superior

724

3.0%

UW-Whitewater

2435

4.0%

UW-Madison

34981

2.7%

Systemwide Average

59728

2.8%

July Phishing Campaign

July Phishing Campaign
July Phishing Campaign example

Tips for this Month

Don’t trust an email just because it looks familiar. This month’s phish was a bit tricky as the UW -System institutions are big users of Teams and we often click things that seem familiar. It may seem unfair, but that is what the bad actors do. Bad actors often use Microsoft, Apple, Netflix, Amazon and other common brands and services to gain trust.

While the email looked pretty good, as they often do, both Teams and Microsoft was misspelled in the subject line. But please don’t count on misspellings. The bad guys often have copy editors these days.

This message also adds a sense of urgency as it was sent just after the close of FY22 and it notes delinquencies.

The reply to address was no-reply@network-support.us. This is clearly not a Stout or UW system address. A good indicator of a phish.

UW-System Phishing Rates for July

UW-System Phishing 

Institution

Unique learners

Phished Rate

UWSA, UWSS & UWEX

576

15.3%

UW-Parkside

760

10.7%

UW-Milwaukee

7222

17.4%

UW-Eau Claire

3202

12.1%

UW-Green Bay

708

18.5%

UW-La Crosse

1434

13.0%

UW-Oshkosh

2131

12.7%

UW-Platteville

1991

18.6%

UW-River Falls

1355

14.8%

UW-Stevens Point

2249

21.4%

UW-Stout

1258

18.6%

UW-Superior

724

10.7%

UW-Whitewater

2613

7.1%

UW-Madison

35556

13.0%

Systemwide Average

61779

13.9%

June Phishing Campaign

June 2022 Phishing Email Example
June phishing message

Tips for this Month

Be wary of any email demanding action. They are quite often fraudulent. Covid has been a focus of fraudsters for the past two years. Wisconsin residents have reported over 9,000 complaints of fraud related to the Covid pandemic to the Federal Trade Commission. Nearly half of the reported fraud resulted in financial loss. This amounted to $8.22 million dollars in losses reported by Wisconsin residents alone!

UW-System Phishing Rates for June

 

UW-System Phishing Rates

Institution

Unique learners

Phished Rate

UWSA, UWSS & UWEX

588

1.7%

UW-Parkside

797

2.6%

UW-Milwaukee

7418

1.5%

UW-Eau Claire

3257

0.5%

UW-Green Bay

1661

3.0%

UW-La Crosse

2205

3.7%

UW-Oshkosh

2711

0.9%

UW-Platteville

2223

1.7%

UW-River Falls

1556

4.6%

UW-Stevens Point

2491

6.5%

UW-Stout

2468

4.1%

UW-Superior

860

3.7%

UW-Whitewater

2764

2.7%

UW-Madison

36213

3.5%

Systemwide

67212

3.0%

**Due to a problem with the vendor’s server configuration, some campuses did experience delivery problems. Stout was not one of them. Numbers <1% should be ignored.

May Phishing Campaign

May 2022 Phishing Email Example
May Phishing example

  1. The sender's email address had a spelling error in the domain. @micrsoftalerts.com

  2. Tip: If you did not attach a service to your account or make a purchase through a service, you can safely assume it is a phish or scam. Even if it is a service you do use.

UW-System Phishing Rates for May

UW-System Phishing Rates for May

Institution

Unique learners

Phished Rate

UWSA, UWSS & UWEX

589

7.8%

UW-Parkside

828

3.9%

UW-Milwaukee

7418

7.4%

UW-Eau Claire

3258

6.5%

UW-Green Bay

1661

7.4%

UW-La Crosse

2205

3.6%

UW-Oshkosh

2723

5.5%

UW-Platteville

2223

5.3%

UW-River Falls

1556

5.1%

UW-Stevens Point

2493

8.4%

UW-Stout

2468

6.0%

UW-Superior

861

6.3%

UW-Whitewater

2764

4.8%

UW-Madison

36286

5.6%

Systemwide

67333

5.9%

April Phishing Campaign

April 2022 Phishing Email Example
April Phishing Example

  1. The April campaign was aligned with current events. They will use current events to make the emails appear relevant. 

  2. April’s phish included an additional step where users could have entered their twitter credentials.

Note: Technical issues prevented over 2/3 of the phishing email from being delivered. Approximately 700 emails went through. However, if you extrapolate based on the numbers, we would still be under 1% if all email had gotten through.

Phishing Rates for April

Phishing Rates

Institution

Unique learners

Opened Rate

Phished Rate

UWSA, UWSS & UWEX

0

UW-Parkside

756

18.8%

0.4%

UW-Milwaukee

7104

32.0%

1.3%

UW-Eau Claire

2988

37.9%

1.0%

UW-Green Bay

1588

32.7%

0.6%

UW-La Crosse

2325

32.5%

0.9%

UW-Oshkosh

2715

18.9%

0.7%

UW-Platteville

2150

29.2%

0.6%

UW-River Falls

1525

30.8%

0.5%

UW-Stevens Point

2572

32.3%

0.7%

UW-Stout

2215

4.1%

0.2%

UW-Superior

818

25.0%

0.2%

UW-Whitewater

0

UW-Madison

35318

28.9%

1.4%

Systemwide

62074

28.6%

1.1%

 

March Phishing Campaign

March 2022 Phishing Email Example
March Mail example

  1. The March campaign was aligned with the tax season which is what many phishing experts will do. They will use current events to make the emails appear relevant.

  2. The display email used was from an unfamiliar email account and not associated with a UW email address or with your personal tax company.

  3. There was a "Call to Action" message. "Your ability to e-file will be disabled" statement demanded your response.

Phishing Rates for March 

 

Phishing Rates

Institution

Unique learners

Phished Rate

UWSA, UWSS & UWEX

561

1.6%

UW-Parkside

771

2.0%

UW-Milwaukee

7104

3.4%

UW-Eau Claire

2989

2.5%

UW-Green Bay

1588

2.5%

UW-La Crosse

2342

2.2%

UW-Oshkosh

2726

2.5%

UW-Platteville

2150

3.0%

UW-River Falls

1525

3.1%

UW-Stevens Point

2572

4.4%

UW-Stout

2216

3.1%

UW-Superior

818

3.1%

UW-Whitewater

2658

2.6%

UW-Madison

35331

2.6%

Systemwide

65351

2.8%

See Also:



Keywords:phishing clicks email sys   Doc ID:117750
Owner:Heidi C.Group:UW Stout
Created:2022-04-04 12:56 CSTUpdated:2022-12-13 09:17 CST
Sites:UW Stout
Feedback:  1   0