Phishing Campaigns

Information on UW-System Phishing Campaigns

In 2021, the UW-System Office of Information Security implemented a phishing campaign on all campuses for all employees, including student employees. These phishing simulation emails are used to test and reinforce good behavior and are intended to help employees recognize, avoid and report potential threats that can compromise critical data and systems. UW-System is now using a tool called Proofpoint to send an email that appears to be a phish. When an employee clicks on a link within the phishing campaign email, they are notified that they failed the test and are directed to an informational site.

Supplemental Training Course

Per UW System Administrative Policy 1032, Information Security: Awareness, after an employee clicks on three phishing campaign emails within a calendar year, they will be enrolled in a short phishing training course. Employees who are enrolled in the supplemental training can expect to see an email from securityawareness@lists.wisconsin.edu. The email will provide a link to complete the supplemental awareness training. See sample email:

Phishing training email

The supplemental security awareness training will consist of a short video that should take users less than 10 minutes to view and complete. The training must be completed within 30 days of assignment. Once enrolled, employees will receive email reminders periodically until the training is completed. If this training is not completed in 30 days, a report will be sent to Human Resources. Failure to complete the required training within the specified period may result in disciplinary action.

For more information about phishing, you can contact the Technology Help Desk at 715232-500 or techdesk@uwstout.edu. For questions regarding compliance, please contact the Human Resources department at AskHR@uwstout.edu.

UW-System Phishing Campaign Examples

2023 Phishing Campaigns

July 2023 Phishing Campaign



phishing email example with Internet Explorer

  • Email subjects can add a sense of urgency. Messages stressing urgency are often a sign of a phishing email. Do the opposite and slow down to review for legitimacy.
  • Always verify the email address. Note misspellings.
  • Question the content. Internet Explorer is no longer available.
  • Note that the message is generic in nature and it could have come from anyone.

| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 585 | 3.1% |
| UW-Parkside | 800 | 6.4% |
| UW-Milwaukee | 7667 | 13.3% |
| UW-Eau Claire | 3324 | .2% |
| UW-Green Bay | 1565 | 12.8% |
| UW-La Crosse | 1433 | 2.4% |
| UW-Oshkosh | 2083 | 4.8% |
| UW-Platteville | 2015 | 13.3% |
| UW-River Falls | 1290 | 12.9% |
| UW-Stevens Point | 2632 | 12.1% |
| UW-Stout | 1268 | 8.5% |
| UW-Superior | 727 | 12.8% |
| UW-Whitewater | 2689 | 11.1% |
| UW-Madison | 38140 | 6.9% |
| Systemwide | 66218 | 8.0% |

May 2023 Phishing Campaign



Last Pass phishing email

  • Take extra care when reading all emails, even those claiming to come from your employer.
  • Hackers will use recent data breaches to lure people in. Beware of scare tactics that might seem out of the ordinary.
  • Messages stressing urgency are often a sign of a phishing email. Do the opposite and slow down to review for legitimacy.

| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 585 | 9.6% |
| UW-Parkside | 891 | 5.0% |
| UW-Milwaukee | 8001 | 9.1% |
| UW-Eau Claire | 3353 | 10.0% |
| UW-Green Bay | 1779 | 7.4% |
| UW-La Crosse | 2447 | 5.0% |
| UW-Oshkosh | 2835 | 5.1% |
| UW-Platteville | 2247 | 12.5% |
| UW-River Falls | 1599 | 10.0% |
| UW-Stevens Point | 2752 | 11.7% |
| UW-Stout | 2484 | 12.3% |
| UW-Superior | 832 | 11.8% |
| UW-Whitewater | 2953 | 6.6% |
| UW-Madison | 35449 | 4.6% |
| Systemwide | 68207 | 6.7% |

March 2023 Phishing Campaign



March 2023 phishing campaign

  • UW-Stout is a Microsoft 365 campus and most business is shared via OneDrive, Teams and SharePoint. If you receive a request to edit a document in a system you don't commonly use or you are not expecting it, be cautious. You can always reach out to the sender to find out if it is legitimate.
  • The email address includes a misspelling and does not match the sender. (no.reply@alerttnow.com)
  • "Conferance" is spelled incorrectly.
  • The urgency in the message is a red flag.

January 2023 Phishing Campaign



January 2023 Phishing example
  • Note the spelling in "micrsoftalerts.com"
  • Incorrect spelling, your vs. you're
  • Sense of Urgency in large blue text
  • Phishing links included in email

 

2022 Phishing Campaigns

November Phishing Campaign

November Email
  • This was an unexpected message granting access to things not requested.
  • Email address is @swift-ness.com and NOT Adobe.
  • Misspellings:
    • adminstrator
    • sing vs sign
    • recieve
    • your vs. you're
  • "Get Started", was a link to a phishing URL.
  • Included a statement at the bottom that could be considered a hint, "Please use caution when click on links in phishing messages"
  • There was a made-up address at the bottom.

UW System Rates for November

UW-System Phishing 

| Institution | Phished Rate |
|---|---|
| UWSA, UWSS & UWEX | .52% |
| UW-Parkside | .47% |
| UW-Milwaukee | 1.69% |
| UW-Eau Claire | 1.15% |
| UW-Green Bay | 1.20% |
| UW-La Crosse | .50% |
| UW-Oshkosh | .40% |
| UW-Platteville | .52% |
| UW-River Falls | .82% |
| UW-Stevens Point | 1.19% |
| UW-Stout | 1.32% |
| UW-Superior | .60% |
| UW-Whitewater | .17% |
| UW-Madison | 4.39% |
| UW-System | 2.85% |

October Phishing Campaign



October phishing example
  • Beware of suspicious subject lines that seem out of the ordinary
  • Look at the sender and the email domain as one way to verify suspicious emails
  • Links in emails can be dangerous. The link in this email was an example of link masking. Hackers use link masking to hide the actual URL of the link. Most browsers will display the true link by hovering the mouse pointer over it.
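
The link-masking check described in the tip above, automated as an added example (not part of the original page or of any vendor tooling). The function names and the sample message are assumptions constructed for illustration, and the domain comparison is a simplified last-two-labels match.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or bare hostname.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

def base_domain(host):
    """Last two labels of a hostname. Simplification: ignores multi-part
    public suffixes such as co.uk; use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class AnchorCollector(HTMLParser):
    """Collects (href, visible_text) per <a>, including text in nested tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_masked_links(html):
    """Return (shown_domain, actual_domain, href) for each link whose visible
    text names one domain while its href points at another."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, target = URLISH.match(text), urlsplit(href)
        if not shown or target.scheme not in ("http", "https") or not target.hostname:
            continue  # plain-word text or non-web link: no domain to compare
        shown_dom, actual_dom = base_domain(shown.group(1)), base_domain(target.hostname)
        if shown_dom != actual_dom:
            findings.append((shown_dom, actual_dom, href))
    return findings

# Constructed sample body; every domain is a reserved example name.
SAMPLE = """<p>See <a href="http://login.portal.example.net/verify">
<b>https://www.example.edu/benefits</b></a> today.</p>
<p><a href="https://www.example.edu/help">www.example.edu/help</a></p>
<p><a href="http://login.portal.example.net/start">Get Started</a></p>"""

print(find_masked_links(SAMPLE))
```

Links whose visible text is ordinary words (such as "Get Started") are not reported, because there is no displayed domain to compare against; those still need the hover check.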
 

UW-System Phishing Rates for October

UW-System Phishing 

| Institution | Phished Rate |
|---|---|
| UWSA, UWSS & UWEX | 3.28% |
| UW-Parkside | 4.85% |
| UW-Milwaukee | 8.64% |
| UW-Eau Claire | 9.31% |
| UW-Green Bay | 10.51% |
| UW-La Crosse | 5.81% |
| UW-Oshkosh | 3.80% |
| UW-Platteville | 8.77% |
| UW-River Falls | 8.07% |
| UW-Stevens Point | 10.34% |
| UW-Stout | 11.81% |
| UW-Superior | 8.9% |
| UW-Whitewater | 9.22% |
| UW-Madison | 5.31% |
| Systemwide Average | 6.71% |

September Phishing Campaign

September Phishing
  • Confirm any unexpected changes in process or requests through a secure line of communication before complying.
  • Investigate the email address itself. In this case, the email address ends with donotrepliee.com
  • Repurposed images and logos from actual companies are used to add a perception of legitimacy to phishing messages.
  • One of the more common signs of a phishing email is misspelling. "Authentcator"
  • QR codes are becoming increasingly popular, but that does not mean they are always safe. They are easy to use, making it easy for you to end up on a malicious website.

UW-System Phishing Rates for September

UW-System Phishing 

| Institution | Phished Rate |
|---|---|
| UWSA, UWSS & UWEX | .34% |
| UW-Parkside | 1.35% |
| UW-Milwaukee | 2.5% |
| UW-Eau Claire | 1.23% |
| UW-Green Bay | 0% |
| UW-La Crosse | 1.3% |
| UW-Oshkosh | 1.41% |
| UW-Platteville | 2.32% |
| UW-River Falls | 1.39% |
| UW-Stevens Point | 3.19% |
| UW-Stout | 1.8% |
| UW-Superior | 2.0% |
| UW-Whitewater | 1.63% |
| UW-Madison | 1.59% |
| Systemwide Average | 1.74% |

August Phishing Campaign


August Phishing Campaign - Fantasy Football

Tips for this Month

  • One of the more common signs of a phishing email is bad spelling and incorrect use of grammar ("Games" was spelled "Garnes").

  • Investigate the email address itself. In this case, the email address ends with safemessaging.org

  • In cases where you did not initiate the interaction to receive invitations, marketing materials, or newsletters, there is a higher probability that the email is suspect.

  • This was sent out at the same time as many fantasy football leagues were kicking off.

  • An indicator of a potentially fraudulent email is when all links in a message lead to the same "phishing" URL or address: in this case, safemessaging.org

 

UW-System Phishing Rates for August

UW-System Phishing 

| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 566 | 2.5% |
| UW-Parkside | 755 | 13% |
| UW-Milwaukee | 6977 | 2.4% |
| UW-Eau Claire | 3170 | 3.8% |
| UW-Green Bay | Delivery Failure | 0% |
| UW-La Crosse | 1143 | 3.4% |
| UW-Oshkosh | 2084 | 2.7% |
| UW-Platteville | 1960 | 3.3% |
| UW-River Falls | 1349 | 2.9% |
| UW-Stevens Point | 2231 | 3.7% |
| UW-Stout | 1335 | 2.8% |
| UW-Superior | 724 | 3.0% |
| UW-Whitewater | 2435 | 4.0% |
| UW-Madison | 34981 | 2.7% |
| Systemwide Average | 59728 | 2.8% |

July Phishing Campaign


July Phishing Campaign example

Tips for this Month

Don’t trust an email just because it looks familiar. This month’s phish was a bit tricky, as the UW-System institutions are big users of Teams and we often click things that seem familiar. It may seem unfair, but that is what the bad actors do. Bad actors often use Microsoft, Apple, Netflix, Amazon and other common brands and services to gain trust.

While the email looked pretty good, as they often do, both Teams and Microsoft were misspelled in the subject line. But please don’t count on misspellings. The bad guys often have copy editors these days.

This message also adds a sense of urgency, as it was sent just after the close of FY22 and it notes delinquencies.

The reply-to address was no-reply@network-support.us. This is clearly not a Stout or UW System address, which is a good indicator of a phish.

UW-System Phishing Rates for July

UW-System Phishing 

| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 576 | 15.3% |
| UW-Parkside | 760 | 10.7% |
| UW-Milwaukee | 7222 | 17.4% |
| UW-Eau Claire | 3202 | 12.1% |
| UW-Green Bay | 708 | 18.5% |
| UW-La Crosse | 1434 | 13.0% |
| UW-Oshkosh | 2131 | 12.7% |
| UW-Platteville | 1991 | 18.6% |
| UW-River Falls | 1355 | 14.8% |
| UW-Stevens Point | 2249 | 21.4% |
| UW-Stout | 1258 | 18.6% |
| UW-Superior | 724 | 10.7% |
| UW-Whitewater | 2613 | 7.1% |
| UW-Madison | 35556 | 13.0% |
| Systemwide Average | 61779 | 13.9% |

June Phishing Campaign

June 2022 Phishing Email Example

June phishing message

Tips for this Month

Be wary of any email demanding action. Such emails are quite often fraudulent. Covid has been a focus of fraudsters for the past two years. Wisconsin residents have reported over 9,000 complaints of fraud related to the Covid pandemic to the Federal Trade Commission. Nearly half of the reported fraud resulted in financial loss. This amounted to $8.22 million in losses reported by Wisconsin residents alone!

UW-System Phishing Rates for June

 

UW-System Phishing Rates

| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 588 | 1.7% |
| UW-Parkside | 797 | 2.6% |
| UW-Milwaukee | 7418 | 1.5% |
| UW-Eau Claire | 3257 | 0.5% |
| UW-Green Bay | 1661 | 3.0% |
| UW-La Crosse | 2205 | 3.7% |
| UW-Oshkosh | 2711 | 0.9% |
| UW-Platteville | 2223 | 1.7% |
| UW-River Falls | 1556 | 4.6% |
| UW-Stevens Point | 2491 | 6.5% |
| UW-Stout | 2468 | 4.1% |
| UW-Superior | 860 | 3.7% |
| UW-Whitewater | 2764 | 2.7% |
| UW-Madison | 36213 | 3.5% |
| Systemwide | 67212 | 3.0% |

**Due to a problem with the vendor’s server configuration, some campuses did experience delivery problems. Stout was not one of them. Numbers <1% should be ignored.

May Phishing Campaign

May 2022 Phishing Email Example

May Phishing example
  1. The sender's email address had a spelling error in the domain: @micrsoftalerts.com

  2. Tip: If you did not attach a service to your account or make a purchase through a service, you can safely assume it is a phish or scam, even if it is a service you do use.

UW-System Phishing Rates for May


| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 589 | 7.8% |
| UW-Parkside | 828 | 3.9% |
| UW-Milwaukee | 7418 | 7.4% |
| UW-Eau Claire | 3258 | 6.5% |
| UW-Green Bay | 1661 | 7.4% |
| UW-La Crosse | 2205 | 3.6% |
| UW-Oshkosh | 2723 | 5.5% |
| UW-Platteville | 2223 | 5.3% |
| UW-River Falls | 1556 | 5.1% |
| UW-Stevens Point | 2493 | 8.4% |
| UW-Stout | 2468 | 6.0% |
| UW-Superior | 861 | 6.3% |
| UW-Whitewater | 2764 | 4.8% |
| UW-Madison | 36286 | 5.6% |
| Systemwide | 67333 | 5.9% |

April Phishing Campaign

April 2022 Phishing Email Example

April Phishing Example
  1. The April campaign was aligned with current events. Phishers will use current events to make the emails appear relevant.

  2. April’s phish included an additional step where users could have entered their Twitter credentials.

Note: Technical issues prevented over 2/3 of the phishing emails from being delivered. Approximately 700 emails went through. However, if you extrapolate based on the numbers, we would still be under 1% if all emails had gotten through.

Phishing Rates for April

Phishing Rates

| Institution | Unique learners | Opened Rate | Phished Rate |
|---|---|---|---|
| UWSA, UWSS & UWEX | 0 | | |
| UW-Parkside | 756 | 18.8% | 0.4% |
| UW-Milwaukee | 7104 | 32.0% | 1.3% |
| UW-Eau Claire | 2988 | 37.9% | 1.0% |
| UW-Green Bay | 1588 | 32.7% | 0.6% |
| UW-La Crosse | 2325 | 32.5% | 0.9% |
| UW-Oshkosh | 2715 | 18.9% | 0.7% |
| UW-Platteville | 2150 | 29.2% | 0.6% |
| UW-River Falls | 1525 | 30.8% | 0.5% |
| UW-Stevens Point | 2572 | 32.3% | 0.7% |
| UW-Stout | 2215 | 4.1% | 0.2% |
| UW-Superior | 818 | 25.0% | 0.2% |
| UW-Whitewater | 0 | | |
| UW-Madison | 35318 | 28.9% | 1.4% |
| Systemwide | 62074 | 28.6% | 1.1% |

 

March Phishing Campaign

March 2022 Phishing Email Example

March Mail example
  1. The March campaign was aligned with the tax season, which is what many phishing experts will do. They will use current events to make the emails appear relevant.

  2. The display email used was from an unfamiliar email account and not associated with a UW email address or with your personal tax company.

  3. There was a "Call to Action" message. The statement "Your ability to e-file will be disabled" demanded your response.

Phishing Rates for March 

 

Phishing Rates

| Institution | Unique learners | Phished Rate |
|---|---|---|
| UWSA, UWSS & UWEX | 561 | 1.6% |
| UW-Parkside | 771 | 2.0% |
| UW-Milwaukee | 7104 | 3.4% |
| UW-Eau Claire | 2989 | 2.5% |
| UW-Green Bay | 1588 | 2.5% |
| UW-La Crosse | 2342 | 2.2% |
| UW-Oshkosh | 2726 | 2.5% |
| UW-Platteville | 2150 | 3.0% |
| UW-River Falls | 1525 | 3.1% |
| UW-Stevens Point | 2572 | 4.4% |
| UW-Stout | 2216 | 3.1% |
| UW-Superior | 818 | 3.1% |
| UW-Whitewater | 2658 | 2.6% |
| UW-Madison | 35331 | 2.6% |
| Systemwide | 65351 | 2.8% |



Keywords: phishing clicks email sys
Doc ID: 117750
Owner: Heidi C.
Group: UW Stout KnowledgeBase
Created: 2022-04-04 13:56:48
Updated: 2023-09-15 12:13:11
Sites: UW Stout