A scam email claiming that a UW Oshkosh staff member tested positive for an unnamed virus circulated last week, resulting in numerous concerned calls and messages sent to UWO’s IT department and the Student Health Center.
In an email announcement, Assistant Vice Chancellor for Information Technology Mark Clements said that “the message implores the reader to follow a link to a website to learn who that person is and to report any contact with them.”
The scam email specifically mentioned UWO and provided a fake university email address to send questions to, though the email came from a UW-Eau Claire address.
“This message was particularly tricky, since it was designed to look like it came from our Student Health Center,” Clements said.
IT administrators have been working to automatically block the message and the website it links to. Still, some people may still see the message on their mobile devices.
Student Health Center Director Angela Hawley said that in a situation where the health center needed to communicate with the university body, the email would be sent through an account affiliated with the Student Health Center.
“If we want to create awareness alone about an infectious disease concern, we could send an email to students, staff and faculty with general knowledge,” she said. “The email would come from myself.”
Hawley also said that other resources, such as the health center’s website, can be consulted for further information about a health situation on campus.
“To confirm the legitimacy of the person sending the email, individuals can check our webpage to verify the current employment of the sender as well as other tips sent by information technology in previous emails,” she said.
In the case of more serious and personal concerns such as the one posed by the fake email, Hawley said that the health center will not send emails directly to individuals.
“The Student Health Center will not send an email directly to a student, staff or faculty member noting a personal medical concern,” she said. “If needed, we would communicate via telephone or through secure messages in our electronic medical record.”
Clements said the scam email sent last week was especially deceptive because it had an immediate call to action.
“The attacker threatened the safety of the reader and wanted to take ‘immediate steps,’” he said. “Be very careful with any message that warns you of a bad thing that may happen if you do not follow their instructions.”
Additionally, Clements said the link in the email to a “dedicated webpage” directed readers to a website for Virginia traffic laws.
“Hovering over the link shows the URL,” he said. “Make sure the site referenced in the message makes sense.”
In the event that you receive a phishing message, Clements said to use the report function in Outlook. Doing so notifies the IT department and helps others by blocking the message.
