January 28, 2019

As members of the Health Care Component at UW-Madison, we are especially vulnerable to phishing scams because of the valuable information to which we have access.  PLEASE watch out for phishing scams this time of year!  They are often mixed in with online shopping announcements and other messages about professional conferences, charitable giving, tax deadlines, vacation schedules, etc.   Phishing scams can put both UW-Madison’s AND your own personal information at risk!  Be sure to know what phishing is and report any suspected phishing attempts to your IT staff or the DoIT Help Desk.

  • Phishing is an email fraud method used by hackers and thieves to lure unsuspecting recipients to give away sensitive information or to download malicious software onto their devices.
  • Spear Phishing is targeted phishing that happens when hackers send fraudulent emails in a way that makes them seem like they come from known or trusted senders – to induce targeted individuals to reveal confidential information.
  • Whaling is targeted phishing specifically aimed at “bigger fish” such as supervisors, managers, and executives – higher-level decision-makers who often have access to a high volume of restricted data.

These scams use urgent and official-looking language to con you into acting quickly without thinking, and often include graphics or logos to make them seem legitimate.  They may ask for usernames, passwords, bank account information, dates of birth, or other unique identifiers.

If you open a potentially malicious attachment, are directed to a phishing website, or think you may have inappropriately shared any of your credentials or personal information – contact your local IT staff or the DoIT Help Desk so corrective action can be taken immediately.  (Use the automated reporting methods discussed here, forward the email to, or call 608-264-4357).

PHI or other personal identifying information obtained through phishing can be used to open fraudulent credit cards, file fraudulent tax returns, and commit other acts that involve identity theft.  Phishing attempts related to tax returns tend to follow quickly after the new year begins and continue through April.

If UW-Madison’s patients’ or research subjects’ PHI is obtained, we need to investigate and follow up in accordance with HIPAA’s Breach Notification requirements.

SEEK ASSISTANCE any time you suspect phishing. 

Click Here to learn more about phishing from UW-Madison’s Office of Cybersecurity.

Click Here to learn more from the United States Department of Health and Human Services Office for Civil Rights.