Please report any problems to the Shared Tools Team at st-help@doit.wisc.edu    Broken Links? Missing Macros? WIKI Retiring Plugins
Child pages
  • Phishing Scam Awareness Email Message
Skip to end of metadata
Go to start of metadata

Subject: Phishing Scam Awareness
Date: Wed, 11 Feb 2009 20:53:41 -0600
From: Ron Kraemer <ron.kraemer@cio.wisc.edu>
To: AC-AD-ALL@lists.wisc.edu

Dear Campus Leader:

Phishing scams continue to be a growing problem on our campus. Despite
various information security awareness programs, a significant number of
students and staff still disclose personal financial or identity
information in response to fraudulent emails and web sites.

The CIO Office, in conjunction with a working group of the Madison
Technical Advisory Group (MTAG), has been putting systems in place to
minimize the risks associated with this issue. Part of the challenge,
though, is that the phishing attempts often look like legitimate
communications, with senders posing as University departments or other
official businesses.

This is where you can help. Until we collectively eliminate all campus
emails and other electronic requests that ask our users to reveal their
Social Security Numbers, user names and passwords, financial accounts or
other restricted data, we remain part of the problem. We cannot tell
campus users it's not okay to disclose their identity information in
some places, but that it's okay to do it for the University. Not only
does this send a mixed message, but it overlooks the fact that email
scams can so convincingly spoof our efforts.

For these reasons, my office, after coordinating with several campus
leadership groups, is about to release a promotional campaign (see
http://www.cio.wisc.edu/security/scams.aspx) that informs our campus
community that "The UW won't ask you to reveal personal identity
information via email." Not only will this be an educational process
for end users, but we will need to continue to work with campus groups
and departments to adhere to this statement.

The good news is that we do have alternate means for helping campus
groups get the information they need from users in a more secure manner
(e.g., via the My UW-Madison portal). But it may require some changes to
the way we do business and some advanced planning. These guidelines may
be helpful as you move forward:

https://kb.wisc.edu/security/page.php?id=7914

I hope you will support our campus in these efforts to keep UW-Madison's
computing environment and our students, faculty and staff protected from
identity theft or worse.

Thank you.

  • No labels