University of Vermont

Information Technology

"Uvm.edu Wrote:" Email is a Scam

Please do not fall for an email scam that is targeting UVM email users as the academic year begins.  An email with the Subject "Uvm.edu Wrote:"  tries to lure recipients to click on a link to a non-UVM web site, where they would be prompted to enter their Net-IDs and passwords.  This message, and any other email that asks you to divulge your UVM password, is a phishing scam. Do not reply, and do not click links in this or any email that asks you to provide passwords or other authentication information.

What to do if you've clicked on the link

If you've replied to one of these email messages, or followed its included link, you should change your password immediately atwww.uvm.edu/account. Contact the UVM Computing Helpline if you need assistance changing your password.

For more information about phishing scams, view our Web page on protecting your NetID and password

If you are ever uncertain about the legitimacy of an email message concerning your uvm.edu account, please contact the Computing Help Line at 656-2604, or submit a help request online.

The "Uvm.edu Wrote:" Scam

This is the message that many UVM email addresses received today.  While it appears to come from a UVM address, there are multiple clues that it is not legitimate:

  • It is not personalized (sent to "undisclosed-recipients" rather than addressed to you with your name and email address, and using your name in the body of the message)
  • The Subject line makes no sense
  • The text is awkward and contains spelling and grammatical errors
  • The message says it was sent by a non-UVM Internet service provider, tgtel.com
  • Most tellingly, the link in the message goes to a non-UVM web site (tuclouds.com rather than uvm.edu)
  • Although not displayed below, the hidden email headers also show the message was not sent from UVM

When any one of the clues above appear in an email message concerning your UVM account, please ignore the message or ask for help. 

From: "Uvm.edu" <emailaccount@uvm.edu>
Date: August 31, 2011 8:25:11 AM EDT
To: undisclosed-recipients:;
Subject: Uvm.edu Wrote:
Reply-To: "Uvm.edu" <emailaccount@uvm.edu>

Uvm.edu Wrote:

This is to inform you that your verification link to guard your mail account
for numerous spam activities
from a foreign Ip recently which we notice on our data based,

Please verify your account for anti-spam 2011

hxxp://www.tuclouds.com/form.php?id=12809

Failure to do this your account will be temporary blocked

________________________________________________
Message sent using TGTEL WebMail - www.tgtel.com

 

What is a Phishing Scam?

The Anti-Phishing Working Group (APWG) explains that phishing "attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials."

Phishing scams are successful when they sound authentic, and are often customized to appear as though they come from a trusted source.  They often include a mix of real and bogus email addresses and web links (URLs).  Phishing scams often appear to come from UVM, although of course they do not.  

APWG offers useful tips to help you avoid becoming a victim of phishing or pharming:

  • Be suspicious of any email with urgent requests for  personal financial information
  • Don't use the links in an email to get to any web  page, if you suspect the message might not be authentic
  • Avoid filling out forms in email messages that ask  for personal financial information
  • Always ensure that you're using a secure website  when submitting credit card or other sensitive information  via your Web browser
  • Consider installing a Web browser tool bar to help  protect you from known phishing fraud websites
  • Regularly log into your online accounts
  • Regularly check your bank, credit and debit card  statements to ensure that all transactions are legitimate
  • Ensure that your browser is up to date and security  patches applied
  • Always report "phishing" or "spoofed" e-mails


Visit the following resources to learn more about phishing and pharming prevention,  scam advisories, and to report yourself as a victim of phishing or pharming:

Keeping Scams Out of Your Inbox

To avoid or limit this type of spam in the future, you can tell the UVM email system to dump spam into a "spam" folder rather than delivering it to your Inbox.  (You can open your spam folder to check for messages there, but most people just ignore it, and the system automatically purges old spam so you don't have to worry about accumulating too much.)  A recommended spam "threshold" is 50%. 

Some Older Phishing Scams

While there are likely to be several variations on each scam, here are some the messages received by UVMers recently.

The "250MB" Scam
Subject:    250MB
Date:    Thu, 25 Aug 2011 13:21:09 +0100
From:    Noel Kelly <__@monkswalk.herts.sch.uk>
To:    <__@li.com>

This is to notify you that you are over your mailbox limit which is 250MB as set by your mailbox manager, you are currently at 257MB, you will not be able to create new e-mail to send or receive messages until you validate your mailbox. To re-validate your account,click here:
Help Desk
Subject: You Have 1 New Message.
From: UVM WebMail <servicemail@uvm.edu>
Date: November 11, 2009 6:11:30 PM EST
To: Undisclosed recipients: ;
Subject: You Have 1 New Message.

Welcome to UVM WebMail

Due to recent problem encountered with access to your UVM WebMail account you
are required to verify your Webmail information by clicking on the verify my Webmail account link below.


Verify My Webmail Account


Regards

Thank you for using UVM WebMail


Subject:    HELP US TO FIGHT AGAINST PHISING EMAILS or To avoid losing your account or We are upgrading all uvm.edu Accounts

The scam is evident from the From  address not being a uvm.edu address, the lack of a "To" address, the lack of personalization, and the instruction to send confidential information to a non-uvm.edu address.  UVM and other reputable organizations will never use email to request that you reply with your password, Social Security Number, date of birth or confidential personal information.


*From: *ACCOUNT UPGRADE
*Date: *May 24, 2010 4:32:24 AM EDT
*Subject: **To avoid losing your account*

We are upgrading all uvm.edu Accounts.If you still want to retain this account you are to fill out the space below to Admin email: accountupgrade@kimo.com


Username: (**************)
UVM NetID (**************)
Password: (**************)
Date Of Birth(************)

Web Manager

 

Subject:    Quota Alert ! ! !

The scam is evident from the From and To addresses (neither is a uvm.edu address), the lack of personalization, incorrect "to" address, and link to a non-uvm.edu web site (that link has been removed in the example below).  And if one does the math, the mailbox is already at a size greater than the limit that supposedly prevents receiving mail.   


> From: "Sener, Stephen"
> Date: May 20, 2010 9:58:10 PM EDT
> To: "admin@helpdesk.org"
> Subject: [SPAM?:#] Quota Alert ! ! !
>
> Your mailbox has exceeded one or more size limits set by your
> administrator.
> Your mailbox size is 102145 KB.
> Mailbox size limits:
>
> You will receive a warning when your mailbox reaches 90000 KB.
> You cannot send mail when your mailbox reaches 100000 KB.
> You cannot send or receive mail when your mailbox reaches 100000
> KB.You may not be able to send or receive new mail until you reduce
> your mailbox size.
> To make more space available,
>
> Increase now
>
> Failure To Click This Link And Validate Your Quota May Result In
> Loss Of Important Information In Your Mailbox/Or Cause Limited
> Access To It.
> Thanks
> HELP DESK



Subject:     Mail box quota

The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address), the lack of personalization, incorrect "to" address, and link to a non-uvm.edu web site.  


 
Date: Thu, 22 Apr 2010 13:42:04 -0400
From: "King, Cecil"
Reply-To: "King, Cecil"
Subject: Mail box quota
To: "King, Cecil"

ATTENTION.

Your mailbox has exceeded the storage limit which is 10GB as set by
your administrator, you are currently running on 10.9GB, you may not
be able to send or receive new mail until you re-validate your mailbox.

To re-validate your mailbox please
clickhere

Thanks

System Administrator

________________________________
This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).




Subject:     CONFIRM YOUR UVM EMAIL ACCOUNT TO AVIOD CLOSURE

The scam is evident from the Reply-To address (not is a uvm.edu address), the lack of personalization, incorrect "to" address, and the awkward language.  (In the sample shown below, the "From" address has been changed; the actual email has a valid uvm.edu email address.)


 
Subject:    CONFIRM YOUR UVM EMAIL ACCOUNT TO AVIOD CLOSURE
Date:    Mon, 29 Mar 2010 14:12:58 -0400
From:    xxxxxxxx xxx xxxxxxx
Reply-To:    universityaccountteam09@gmail.com
To:    COMISHelpDesk1@uvm.edu

Please Submit Your e-mail account information for update
of your account


DEAR University of Vermont webmail holders

This is a message from the University of Vermont
WEBSITE ACCOUNT Message Center for Communication to
all of our University of Vermont Webmail owners.

We are currently working on our database e-mail
In users.We are deleting all old unused
University of Vermont Webmail Account, for  more space
for new users.

To prevent your account not be deleted from
our database you are advised to confirm your
University of Vermont webmail account immediately.

Submit your account information below


Login Website: ....................
Username : ........................
Password :.........................
Date of Birth: ....................
Country or territory: .............

Warning! E-mail  owners who refuse to submit
E-mail account details, within seven days from
this date of receipt will loses his/her Webmail
account permanently.

Thank you,

University of Vermont Webmail Team

Please Submit Your e-mail account information for update
of your account




 

Subject:     Emergency Notification!!

The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address), the lack of personalization, the link to a non-UVM web site, and the awkward language.  (In the link shown below, http has been changed to h__p to make the link nonfunctional.)


     Date: Sat, 27 Mar 2010 08:19:42 -0700 (PDT)
    From: The University of Vermont
Reply-To: The University of Vermont
 Subject: Emergency Notification!!
      To: "undisclosed recipients"@

Dear The University of Vermont Webmail subscriber,

We hereby announce to you that your email storage has exceeded its limit and your mail account will be deactivated. To avoid this please click on the link below.


h__p://www.webdb-confirm.uni.cc/?_$1$5HCM34pt$B4dsl8Ic8UcF1HPBzIj8U/$1$bgfK.yZk$5jBqy9BNuSxw3XElVDREY1$1$8CsWPvJd$8Y9tR77gEOxdyL9HULXIf1


Thank you.

The University of Vermont Webmail Management Team.






Subject:     Your profile will be locked in response to a complaint received by the Administration

The scam is evident from the From and Reply-To addresses (neither is a real uvm.edu address), the lack of personalization, and the awkward language. 


   Date: Wed, 17 Feb 2010 19:47:44 +0500
   From: " Administration uvm.edu"
Reply-To: " Administration uvm.edu"
Subject: Your profile will be locked in response to a complaint received by the Administration
     To: "<" <_____@uvm.edu>

***This message was created automatically by mail-delivery software. Do not reply to this message.***

Hello!
Your profile will be locked in response to a complaint received by the Administration 29.01.2010 ã.
According to "paragraph 8 of the user agreement, uvm.edu reserves the right to suspend or terminate the provision of services uvm.edu, promptly notifying the user.

Refute the statement may be, following this link:
http://smallurl.in/c524800d


If the application is not rejected within 7 days, your e-mail an account will be blocked.
It has a number 707684870998253.

In the near future we will contact you.
It takes up to 3 days to process your request.
Thank you!
--------------------------------
Sincerely,
mail support service
uvm.edu


 

Subject:     Verify

This message is classified by the UVM email system as spam.  The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address!) and the lack of a To addresses. 


From: UVM SUPPORT
Date: December 22, 2009 8:54:10 PM EST
Subject: [SPAM?:#] Verify
Reply-To: supumail1@yahoo.com


Hello,

   You are required to reply to this mail and enter your
UserName and password below within 48 hours or your account
will be suspended.

UserName:
Password:

UVM SUPPORT.







Subject:     You Have 1 New Message.

This message is so concerned about security, it advises not sending credentials via email.  The scam is evident from the From and To addresses, and the fact that the link to click on is not at UVM. 


From: "UVM WebMail"
Date: November 11, 2009 5:38:09 PM EST
To: Undisclosed recipients: ;
Subject: You Have 1 New Message.


Welcome to UVM WebMail

Due to recent problem encountered with access to your UVM WebMail account you
are required to verify your Webmail information by clicking on the verify my Webmail account link below.


Verify My Webmail Account


Regards

Thank you for using UVM WebMail







Subject:     Technical Service

This message is so concerned about security, it advises not sending credentials via email.  The scam is evident from the From and To addresses, and the fact that the link to click on is not at UVM. 


Subject:     Technical Service
Date:     Thu, 5 Nov 2009 08:38:23 -0500
From:     Lewis Rodriguez (RIT Student)
To:    



You have exceeded the limit of your mailbox set by your IT
service, and you will be having problems in sending and recieving mails.
To prevent this, please click on the link below to reset your account.
*CLICK HERE *
Failure to do this, will result in limited access to your mailbox.
Warning!!! Do not send your username and password via email.
Regards,
WebCT Service





Dear Email user

 


From: "Heath, Kathy"
Date: November 9, 2009 4:40:49 AM EST


 
 
Dear Email user,
This message is from Administration centre Maintenance Policy verified that your mailbox exceeds its limit, you will be unable to receive
new email, To re-set your SPACE on our database prior to maintain your INBOX, you must click the link below.
Click Here: http://rpc.formmailhosting.com/showform.php?id=6254
(If the link above does not appear clickable or does not open a browser window when you click it, copy it and paste it into
your web browser's Location bar.)
Thank you for your cooperation.
Web Mail Technical Services





 

Dear UVM Webmail online Email Account Owner

 


Date: Mon, 29 Jun 2009 09:55:43 +0000
  From: UVM Webmaster online
Reply-To: UVM Webmaster online

Dear UVM Webmail online Email Account Owner,

Important notice, harmful virus was detected in your account which can be harmful to our subscriber unit.You are to enter your Username and Password here {____________, __________} to enable us set in an anti virus in your user account to clear up this virus. we do need your co-operation in this, Providing us with this information we enable us insert in your account an anti virus machine for clean up.

We are sorry for the inconveniences this might have cost you. Failure to do this, we are sorry to let you know that your account will be deleted immediately to prevent it from arming our subscriber unit.

Thank you for using UVM Webmail,
We are glad at your service,
UVM Webmaster online.





Update your webmail account now

 


From: "Technical Support Team"
Date: March 10, 2009 12:59:28 AM EDT
To: undisclosed-recipients:;
Subject: Update your webmail account now
Reply-To: techsupteam74@rocketmail.com

The Webmail Customer Care Unit wishes to inform you that we will having a
congestion due to the anonymous registration of accounts. So we are
shutting down and your account is among those to be deleted. We are
sending this email to you so that you can verify and let us know if you
still want to use this account. If you are still interested please confirm
your account by filling the space below (Your Username, password, and
country). We are requesting for this information to enable us carryout the
account update process for better services to all customers/subscribers.
Due to the congestion in all users and removal of all unused accounts, we
would be shutting down all unus




You have exceeded the storage limit for your mailbox

 


From: Kate Duncan
Date: Monday, Jan 12, 2009 8:31 pm
Subject: You have exceeded the storage limit for your mailbox
To: Undisclosed recipients:;

Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator. You are required to contact your system administrator through e-mail with your Username:{ } and Password:{ } to increase your storage limit.

System Administrator
E-mail: systemquota@live.com

You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit.

This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.



E-Mail Account Maintainance

 


From: Anti-Spam Team
Date: December 4, 2008 9:56:55 AM EST (CA)
To:
Subject: E-Mail Account Maintainance
Reply-To: support-team@web.nl

Dear E-mail Account User,

We have temporarily limited all access to sensitive account features, To restore your account
access, you must reply to this email immediately with your E-mail account Username:
(.................) and password:(....................)

Due to the junk/spam emails you receive daily, we are currently upgrading all email accounts spam
filter to limit all unsolicited emails for security reasons and to upgrade your new and improved E-
mail account features and enhancements, to ensure you do not experience service interruption.

Note that you must reply to this email immediately with your user name and password in the space
provided to enable us upgrade your Account.

A confirmtion link will be send to you for the Re-Activation of your e-mail Account, as soon as we
received your response and you are to Click on the "Confirm E-mail" link on your mail Account box
and then enter the confirmation number: 1265-6778-8250-8393-5727

Your failure to provide your e-mail account login details will lead to a temporarly disabled of
your e-mail account or we will immediately deactivate your e-mail account from our database.

Thanks For Your Understanding.

Anti-Spam Team

 

PLEASE PROTECT YOUR UNIVERSITY OF VERMONT(uvm.edu) WEBMAIL ACCOUNT FROM BEING CLOSED

 


From: "uvm.UNIVERSITY OF VERMONT"
Date: December 4, 2008 11:10:08 PM EST (CA)
To: helpdesk1@uvm.edu
Subject: PLEASE PROTECT YOUR UNIVERSITY OF VERMONT(uvm.edu) WEBMAIL ACCOUNT FROM BEING CLOSED
Reply-To: uedu2008@yahoo.it

This is to notify you that we are presently UPGRADING our UNIVERSITY OF VERMONT
WEBMAIL, this maintenance can close your UNIVERSITY OF VERMONT WEBMAIL account
completely. Please do not say you were not informed, your urgent response is
highly needed, to protect your email account from being closed, please forward
your USERNAME and PASSWORD to our customer services with email address: uedu2008@yahoo.it
http://www.northerntel.ca

 

Contact UVM © 2014 The University of Vermont - Burlington, VT 05405 - (802) 656-3131