Skip to Main Content

UW, Scammers, and Phishing

READ to Protect Yourself!

Step 1:

Did you get an EMAIL with the following UW Alert?
◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.

Step 2:

DO NOT READ THIS EMAIL WITH THE UW ALERT ON YOUR PHONE, IPAD, OR TABLET.

  • You will not be able to see the sender's email address on your phone, ipad, or tablet.
  • Do not assume the sender is using their own name.
  • The sender may be impersonating someone else to trick you.

Step 3:

Go to your DESKTOP or LAPTOP to view this email.

Step 4:

Do not respond or click any links until you read the scams below.

LEARN to Protect Yourself!

The following courses are available, free, and self-paced!
Ransomeware 101 - Online - Self-paced
Phishing - Online - Self-paced

Email Scams at UW

Email scammers are becoming more creative in designing their emails to appear as if the emails are coming from university personnel and uwyo.edu accounts. Don't fall for their scams!

Four of the more common email scams currently targeting UW users are:

Scams Impersonating UW Personnel

Scammers have impersonated UW directors, deans, executives and others at UW, including President Seidel. The emails ask: "Are you available" or "Are you on campus" or "Send your cell phone number.". Your first response will be "It must be important. It is from my supervisor or dean."

Look closely at the sending address.
These are not from UWYO.

In addition, you will see:
◆ This message was sent from a non-UWYO address.

If you respond to the scammer, they need something urgently done and ask you to buy gift cards and send them the gift card information. Don't do it!


Example Scam Emails
Received by UW employees

 

Scams With a Link to Login

Don't be fooled by a phishing email scam that contains a link. The link when clicked takes you to a login page. The scammers WANT you to enter your UW username and password and Duo passcode. They WANT to go into your accounts. Protect Yourself and Don't Do IT!

Don't Ever Give Out Your
UW Username, Password, and DUO Passcode.

The fake login page will look nearly identical to UW’s WyoWeb.
UW will never send you an email with a link to login.


Example Scam Emails
Received by UW employees

Sextortion Scam

The victim receives an email from someone who claims to have hacked their computer. The scammer backs up this claim by providing an actual password that the victim may have used or is currently using, on some website somewhere. The hacker says they have used the camera on the hacked computer to take videos of the victim in compromising situations and threatens to publicize the videos if the victim does not pay an extortion fee, usually in the form of bitcoin. These are false. The password is usually an actual password that the victim used on a previously compromised site like Yahoo that has been made public.


Example Scam Emails
Received by UW employees

 

Scams Claiming Renewals or Purchases

Phishing emails that try to trick you into believing you are being charged for goods or services that you did not order. They indicate "You have been charged $599" or "Your subscription has been renewed" and provide a link or phone number so you can call and give them your credit card number or bank information.

Do Not Call the Scammers or Press the Link!
Contact userhelp@uwyo.edu.


Example Scam Emails
Received by UW employees


Tips to Protect Yourself!

Here are some tips to help you avoid email scams:
  • UW tags outside, non-UWYO, emails with
    ◆ This message was sent from a non-UWYO address. Please exercise caution when clicking links or opening attachments from external sources.
    Look closely at the sending address. Don’t reply to these emails unless you are certain they are legitimate. If you aren’t then contact userhelp@uwyo.edu.
  • Be suspicious of any email from senders you don’t know, or that seems out of character for the sender. Verify that the sender is actually who they appear to be before clicking on any links or attachments.
  • Never buy gift cards at the email request of someone you think you know. Never pay these scams.
  • Never enter your DUO passcode into a link from an email.
  • Be cautious of emails written with poor grammar, lacking proper verb usage and sentence structure, or with text in all caps or bold font.
  • Never provide credit card or bank account numbers, and be cautious of payments by wire service, courier or bitcoin.
  • Verify the URL of any link before you click it by hovering your cursor over the link and examining the URL. If you don’t recognize the URL (or if the URL doesn’t contain uwyo.edu for UW correspondence), don’t click it.
  • Never open attachments unless they are from someone you know or you are expecting them.
  • Don’t enter your username and password (especially your UW username and password) to access any website if you are not 100% sure of its validity. In particular, be suspicious of email messages that have links to sites that ask you to use your UW username and password to login.
  • Keep your computer software updated and patched, particularly your antivirus (The UW antivirus Webroot, is updated automatically if on the UWYO domain).
  • Remember that nobody at the University of Wyoming will ever ask for your UW username or password for any reason, in any form other than when you’re logging into a UW system. If somebody does, they’re not representing the University or any of its offices. Report any occurrences to userhelp@uwyo.edu.

If you receive a suspicious email or fall victim to an email scam, please send the original email as an attachment (see directions below) to the UWIT Help Desk team at userhelp@uwyo.edu. UWIT staff will do all they can to prevent spam and phishing emails, but inevitably they will continue to get through. Please, be cautious about the email to which you respond. And if you’re not sure, get in touch with UWIT at 307 766-4357, option #1 or email userhelp@uwyo.edu.


Report a Phishing Attempt

Microsoft Outlook (Desktop Client)

  1. Select the suspicious email in Outlook.
  2. Control-Alt-F to forward the suspicious email as an attachment.
  3. Email userhelp@uwyo.edu with a subject line of “PHISHING” and explain what happened.

Office 365 Webmail

  1. Select New to compose a new email.
  2. In the upper right-hand corner of the new message, click the icon to compose the message in its own window.
  3. Drag the suspicious email into the body of the new message. This will add the suspicious email as an attachment.
  4. Email userhelp@uwyo.edu with a subject line of “PHISHING” and explain what happened.

Mac Mail

  1. Select the suspicious email.
  2. Select Message, then Forward as Attachment from the menu bar (or right-click and select Forward as Attachment).
  3. Email userhelp@uwyo.edu with a subject line of “PHISHING” and explain what happened.

Contact Us

Information Technology

Phone: (307) 766-HELP (4357)

Email: userhelp@uwyo.edu