UW System sends phishing simulations to students
April 6, 2022
The UW system is sending phishing simulations to students’ emails in order to test their sense of recognition of such scams.
Phishing is defined as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers,” according to the Oxford Dictionary.
UW students who receive and fall for the phishing simulations by clicking on the link in the email were sent an additional email informing them that they were a part of a simulation and will likely be sent more emails of a similar structure.
Russia has been sending an increased number of scam emails and has initiated more hacking attempts since the beginning of the war in Ukraine.
According to SC Media, a media organization dedicated to keeping its audience informed on all topics related to cybersecurity, Russia-related phishing attacks have increased by a factor of eight since Feb. 27.
Mark Clements, the chief information officer for UW Oshkosh’s Information Technology (IT) department, said that although phishing has always been an issue, the risk and efforts have increased in light of recent events.
“Phishing is always a serious concern, but the Department of Homeland Security has raised concerns for increased malicious cyber activity, including phishing,” Clements said.
Those who attempt to phish information from users are looking for a variety of identification-related information.
Clements said that those who try phishing typically go for personal information and anything related to one’s finances. In some cases, the perpetrator will try to get the person to go to certain websites where their IP address, login information and other content can be stolen and distributed.
“Typically, the attackers are attempting to get the victim to share personal details such as username/passwords, banking information, or get the user to install malicious software,” he said.
The University of Texas at Austin’s Information Security Office also stated that most emails will start with a generic greeting such as “Dear Valued Apple Customer,” and the following text will have a request for private information.
This generic greeting will also likely come from an unorthodox email such as .
Cross referencing the sender’s email address with that of someone on the “contact us” tab of the company’s website can help a user in deciphering a phishing email.
If there is no external request for personal information, there may be a statement encouraging the user to click on a certain link.
The security office also recommends that users compare emails from a supposed company with the language used on that company’s website.
For example, if someone receives an email from a sender who claims to work for Apple, checking Apple’s website may be of help in the deciphering process.
As for what an attacker may do with someone’s account information, Clements said the intent is pretty clear and harmful.
“The information can be used for credit fraud or the attackers may access banking accounts and empty your accounts,” Clements said.
Clements said he does not have access to data such as the percentage of students failing the phishing simulations sent out by the UW system.
However, he said that students who believe they have fallen for phishes or have experienced other malicious cyber activity should contact the IT Help Desk at .