University of Vermont

Information Technology

Account Expired Phishing Scam

An email with a Subject of "Account Expired", like others that tell you to "confirm," "upgrade," "activate," "verify," "validate," or "re-validate" your mailbox or your email account, or increase your quota, is a phishing scam -- an attempt to steal your UVM credentials (your Net-ID and password).   Please do not reply to it; simply delete the email.  

This phishing scam asks you to open an attachment.  Never open an email attachment you were not expecting to receive; even if it's from an apparently official or known source.  If in doubt, ask the sender if he or she really did send you the attachment.  "From" addresses are easily forged, and attachments can contain malicious software or links that take you to malicious web sites. 

Any email -- or attachment -- that asks you to to enter your UVM password on a non-UVM web site is a phishing scam. Do  not click links in such messages and do not reply.  Hover your cursor over links to see where they would take you; if it's not going to "http://www.uvm.edu/" or "http://uvm.edu/", don't click.  UVM will never ask you to enter your UVM Net-ID and password on a non-UVM web page -- even if it looks like a UVM page, and even if it's on a reputable site, such as Google Docs, 123contactform.com or contactme.com, or if it contains UVM graphics and you've been directed there by an email that appears to come from a UVM email address.

What to do if you've opened the attachment, or clicked on the link in it

If you've opened the attachment, or clicked on the link in it, you should change your password immediately at www.uvm.edu/account. Contact the UVM Computing Helpline if you need assistance changing your password.

For more information about phishing scams, view our Web page on protecting your NetID and password

If you are ever uncertain about the legitimacy of an email message concerning your uvm.edu account, please contact the Computing Help Line at 656-2604, or submit a help request online.

If you would like to report phishing, please forward the phishing email, as an attachment, to is-spam@labs.sophos.com and to abuse@uvm.edu. (To forward a message as an attachment using Thunderbird, go to the Message menu and select Forward As > Attachment.)

The "Account Expired" Phishing Scam

The message includes an attachment, and the attachment includes a link that would take you to a non-UVM web site.  It is never a good idea to open an attachment that you weren't expecting -- it could be a malicious file that would infect your computer.  UVM will never ask you to "verify your account" -- or enter your UVM Net-ID and password for any reason -- on a web site other than uvm.edu. 

From: Flowroute
Subject: Account Expired
Date: October 25, 2013 11:59:21 AM EDT
To: "myron.kapoodle@uvm.edu"

Flowroute UPDATE Account

You have to update your login info. View attachment and continue. Thank you!
MESSAGE-ID-1HDSA-DHAS871G-DAHS671-AJ12D

loginIDJB3.html (4 KB)

 The attachment is an html (web) file with a link to a phishing web site. 

 

 

Contact UVM © 2014 The University of Vermont - Burlington, VT 05405 - (802) 656-3131