Phishing Scams
Phishing is a form of social engineering where a scammer pretends to be a trusted person or organization to trick you into sharing information. If successful, scammers can steal data, install malware or lock systems.
If you are unsure of an email’s legitimacy, forward it to abuse@uwm.edu. Our security team will confirm if it’s a scam.
Signs of a Scam
Watch for messages that:
- Come from unknown senders
- Use urgent language or short deadlines
- Offer jobs, prizes or deals that seem too good to be true
- Ask for personal info, MFA codes or payment
- Contain links or attachments
- Reference UWM vaguely or without personalization
Common Scam Types
- Job Scams: high pay, few hours, external/internal UWM emails
- Gift Card: asks you to buy and share gift card numbers or photos of the cards
- Phone (Smishing/Vishing): unknown numbers, urgent “authority” calls
- Security Breach: claims your account is compromised; requests MFA/passwords
- Cloud Storage: demands money to avoid leaks or deletions
- Social Media: fake accounts, unsolicited DMs, low profile engagement
How to Handle a Phishing Email
- Don’t click links or open attachments
- Don’t reply or share personal information
- Mark the email as Phishing, follow the directions in this M365 Outlook Reporting Phishing Article
- Report the email to abuse@uwm.edu
- If you need additional assistance, contact the UWM Help Desk