Information Security: UW System Phishing Email Simulations

The University of Wisconsin System Administration has a system-wide phishing awareness education program in which simulated phishing email messages are sent to all faculty and staff in the UW System.

March 2025-Stats

This grid shows each entity and the percent of recipients that clicked on the links in the phishing email.

UWRF ranked #9. (Click to enlarge the photo)

Phishing Simulation Explained:

Breaking Down the Phishing Attack

The phishing simulation was sent to all University of Wisconsin-River Falls employees including student employees.

Here is a copy of the simulated March phishing message that was sent. You can find indicators in each that help identify it as a phishing message.

(Click to enlarge the photo)

Spot the Spoofed Email Address

(click to enlarge)

Checking the email address is one of the best ways you can tell if a message is a phishing attack. By inspecting the email address, you can see it is not from linkedin.com. The email name is spoofed to show up with the name “LinkedIn,” but the actual email address goes to <linkedin@linkedincdn.com>. When compared, a real email is from LinkedIn with the address <notifications-noreply@linkedin.com>.

Go Directly to the Source

The email is meant to make you click out of curiosity and potentially excitement that your profile is being viewed. They are attempting to lull you into trusting the branding in order to get you to interact.

Look for Errors!

Scammers often have slight misspellings to attempt getting past email security filters. For example, you can see here that there are multiple misspellings of the brand name. A quick glance may miss this, but they have LinkedIn written as both “Linkedin” and “Linkdin.”

There are several other errors including the lack of punctuation for the word who’s as “whos” and the footer of the message includes a suspicious location with the listed address being at “1000 West Bogus Plaza, Pseudoville, NA.”

Report any branded email that has errors as that is likely a phishing attack.

Report as Phishing

Keep in mind for any email you receive and always be suspicious of unexpected messages. You were not expecting this message. Don’t let their urgency cause you to act without thinking.

While DoTS is able to block the vast majority of malicious messages it is possible for phishing attacks to slip through, so you need to be careful.

By reporting the message, you are helping us keep everyone safe. Nothing bad happens by reporting a message as phishing. If you aren’t sure something is safe, please let us know by using the Report Message feature in Outlook and selecting “report phishing.”

Phish rate: 0.55%
Phish rate compared to other UW institutions: Top 50%

The Email

QR codes in emails can be a red flag. It is wise to avoid scanning them altogether if you did not ask for it to be sent to you. Legitimate messages will typically give you alternatives to scanning a QR code.
The email is not a UWRF or Microsoft address.
There are misspellings/grammatical errors including “Were,” “Please ensure follow the instructions carefully,” “Micrsoft,” and “gude.” Do keep in mind that, just like using real branding, a lack of misspellings does not mean the message is safe. Scammers are using AI to craft convincing emails in multiple languages.