"Mailbox Update" phishing email

There’s nothing like a campus-wide phishing email to enliven a Monday afternoon.  Today, the TechZone began receiving messages from many faculty and staff regarding a suspicious email.  The email is titled “University of Wisconsin-Madison Mailbox Update” and appears to be hitting much of campus. The message is not legitimate, so we wanted to warn everyone to be careful where they click. 

Note the following interesting parts of thie email:

There’s nothing like a campus-wide phishing email to enliven a Monday afternoon.  Today, the TechZone began receiving messages from many faculty and staff regarding a suspicious email.  The email is titled “University of Wisconsin-Madison Mailbox Update” and appears to be hitting much of campus. The message is not legitimate, so we wanted to warn everyone to be careful where they click. 

Note the following interesting parts of thie email:

  • Rolling over the links in the email (not shown below) showed that they didn’t go to wiscmail.wisc.edu, but to a different website disguised with a shortened URL. 
  • The From address is century21.ca, not a wisc.edu email address.
  • The copyright statement at the bottom of the email is is a believable touch, and marks this phishing email as being fairly sophisticated. 
  • The use of the term ‘NetID’ makes the email believable.
  • Poor grammar is a tip-off:  “In order to avoid your E-mail account been deactivated…”
  • If we followed the disguised links we’d have gone to a webpage that is very slow to load, but uses the UW logo and styling.

The text of the email is:

Dear Mailbox User,

Your University of Wisconsin-Madison Mailbox has reached its maximum limit of 500MB
storage. Your E-mail account will be deactivated if you do not update your Webmail account
now. To ensure absolute security of your Webmail accounts in our new system, please click here
and login to update your Webmail account immediately

In order to avoid your E-mail account been deactivated, we strongly recommend that you update
your Webmail account now. To update your Webmail account, just go to https://wiscmail.wisc.edu
and sign in with your NetID '@wisc.edu' and password.

*Your WiscMail account shall remain active after you have successfully update your E-mail account.

If you have any questions or concerns about your access, please contact University of Wisconsin-Madison
helpdesk for further assistance.

Best Regards,

University of Wisconsin-Madison
Help Desk
Webmail Administrator
https://wiscmail.wisc.edu
© 2015 Board of Regents of the University of Wisconsin System

 

If you’ve received this email, do not click on the links or enter your credentials on the webpage. If you have done this, change your password and then open a case with the Helpdesk.  

  • To change your password: https://kb.wisc.edu/page.php?id=20589
  • To open a case with the Helpdesk: https://kb.wisc.edu/page.php?id=1
  • More information on compromised NetID accounts: https://kb.wisc.edu/page.php?id=9973

Contact Sue Weier (scweier@wisc.edu) or the LSS TechZone (techzone@lss.wisc.edu) if you have questions.