Skip to main content
Link to news home page
News

Warning issued on ‘phish’ e-mail

February 8, 2005

Campus e-mail users are seeing a growing number of fraudulent and potentially dangerous “phish” messages. These e-mails appear to come from legitimate sources, such as eBay, PayPal or a bank, but in fact are sent by identity thieves in an effort to collect account numbers and other private information for illegal purposes.

One unfortunate UW–Madison student fell victim to a phish scam last fall, losing an amount equal to his semester’s tuition payment, says Jeff Savoy, a security administrator at DoIT. Nationwide, the billions of phish messages now flooding e-mail systems generate about a 5 percent response rate for identity thieves, says the Anti-Phishing Working Group, a volunteer organization fighting online fraud. The extent of financial loss is unclear, largely because victims cannot attribute unauthorized charges to phish messages.

To help campus e-mail users recognize and deal with phish messages, Savoy offers these suggestions:

  • Be suspicious of e-mails asking for personal financial information.
  • If you suspect a message is phish, see the list of reported attacks on the phishing archive at http://www.antiphishing.org. If your message is on the list, just delete it.
  • If the message is not listed on the archive, click Report Phishing and follow the instructions. When you e-mail the phish report, be sure to carbo copy it to UW–Madison BadgIRT at abuse@wisc.edu.