Security - Example: Phishing attempt 06.14.21

Summary

Here's an example of a fake email from HR with an attachment

Body

Examples of ways to identify a phishing attempt

How can I tell if a message is legit?

Be suspicious if any of these clues appear...

Part 1: The Message: Does this make sense?

  1. HR does not send earning statements to employees; employees may download their earnings statements from MyUW at any time.
  2. Unknown or vague From addresses; even though one claims to be @uwplatt.edu, the "DoNotReply" is suspicious; the other is not university- or System-related
  3. The University uses the term "Earning Statement" not "paystub" or "PayRoll Check".
  4. June 10, 2021 was a Thursday; bi-weekly pay periods end on Saturdays while monthly periods end on the last day of the given month.

Image illustrating the phishing email indicators as described in this article.

Part 2: The Login Page

The attachment is an HTML file that opens in a dialogue box requiring you to log in. While this box contains a Platteville logo, University employees access their earning statements in MyUW (HRS) through UW System's gray federated login page.

Image illustrates the indicators for phishing logins as described in this article.

Need help?

If you have questions, please contact the ITS Help Desk at 608.342.1400 or helpdesk@uwplatt.edu.  You may also visit the Help Desk on the first floor of the Karrmann Library.

Details

Details

Article ID: 12807
Created
Wed 5/15/24 12:10 PM
Modified
Mon 10/14/24 10:50 AM