University of Vermont

Information Technology

Return of the "Quarterly verification exercise" Phish

Email with a Subject of "Quarterly verification exercise" is a phishing scam -- an attempt to steal your UVM credentials (your Net-ID and password).   Please do not click on the link in the message, and don't reply to it; simply delete the email.  

Any email that asks you to to enter your UVM password on a non-UVM web site  is a phishing scam. Do  not click links in such messages and do not reply.  Hover your cursor over links to see where they would take you; if it's not going directly to "http://www.uvm.edu/" or "http://uvm.edu/", don't click.  If you go to a site and the address bar in your web browser doesn't show it's a uvm.edu site, quit or exit your browser.  UVM will never ask you to enter your UVM Net-ID and password on a non-UVM web page -- even if it looks like a UVM page, and even if it's on a reputable site, such as Google Docs, 123contactform.com or contactme.com, or if it contains UVM graphics and you've been directed there by an email that appears to come from a UVM email address.

What to do if you've clicked on the link

If you've followed the link in the message, or replied to this email or one like it, you should change your password immediately at www.uvm.edu/account. Contact the UVM Computing Helpline if you need assistance changing your password.

For more information about phishing scams, view our Web page on protecting your NetID and password

If you are ever uncertain about the legitimacy of an email message concerning your uvm.edu account, please contact the Computing Help Line at 656-2604, or submit a help request online.

If you would like to report phishing, please forward the phishing email, as an attachment, to is-spam@labs.sophos.com and to abuse@uvm.edu. (To forward a message as an attachment using Thunderbird, go to the Message menu and select Forward As > Attachment.)

The "Quarterly verification exercise" Phishing Scam

The link in this message would take you to a malicious non-UVM site.

From: "Help Desk" <helpdesk@sdsu.edu>
Subject: Quarterly verification exercise
Date: October 24, 2013 4:43:41 PM EDT
To: "_@calstatela.edu" <helpdesk@sdsu.edu>

Attention
 
In an effort to enhance account security starting today October 24, 2013, all mail user accounts both employees and students will be subject to a quarterly verification process. Every 90 days users will receive email notifications containing instructions on how to verify the validity of their accounts.
 
Please verify now
 
The grace period for completing account verification will be 5 days. At the end of the 5-day period all unverified accounts will be disabled. Disabled accounts will be periodically deleted. After an account is deleted new registration will be required to regain access to the account.
 
Administrator

 

The same phishing attack was attempted just two months ago:

From: "Held Desk"
Date: Fri, 30 Aug 2013 07:49:05 -0700
To: mkappodl@uvm.edu
Subject: Re: Quarterly verification exercise


  Attention


   In an effort to enhance account security starting August 31, 2013, all mail user accounts both employees and students will be subject to a quarterly verification process. Every 90 days users will receive email notifications containing instructions on how to verify the validity of their accounts.     Please verify now     The grace period for completing account verification will be 5 days. At the end of the 5-day period all unverified accounts will be disabled. Disabled accounts will be periodically deleted. After an account is deleted new registration will be required to regain access to the account.

Administrator 

 

 

 

 

Contact UVM © 2014 The University of Vermont - Burlington, VT 05405 - (802) 656-3131