Email phishing scam halted

January 7, 2020 - Information security officials at the University of Wisconsin-River Falls are conducting a comprehensive review of a sophisticated phishing scam that may have caused 468 students to give away their login credentials.

The phishing scam involved an email and a website that mimicked those of UWRF. Students received an email message urging them to review their financial aid accounts for missing information by clicking on a purported link to the university’s financial aid page. Instead, it was a look-alike page controlled by the phishers.

Phishing is the fraudulent practice of sending deceptive emails in an attempt to obtain sensitive information.

Upon learning of the incident, university officials immediately changed passwords of affected students and deleted any unopened emails from the same source. Affected students and UW-River Falls police have been notified.

UWRF is proactive in its approach to information security and offers annual information security training to students, faculty, and staff. Additionally, the university has begun rolling out multi-factor authentication across campus with 100% employee adoption and nearly 30% student adoption to date.

For information regarding phishing or other cybersecurity threats, visit the Department of Homeland Security National Cyber Awareness System Tips website at

Questions regarding the phishing incident can be directed to the UWRF Division of Technology Services at 715-425-3687.

Contact Us

University Communications
and Marketing
120 North Hall
Phone: 715-425-3771
Fax: 715-425-4486