An email message some UVM people have received this weekend is the
latest in a series of email phishing scams that continue to
target various communities,
including UVM, in an attempt to convince people to divulge their
Network IDs, passwords, or other personal information. Please ignore
these requests.
The latest scam message has a subject of "Emergency Notification!!" and appears to be from "The University of Vermont" with various email addresses along the lines of <azteca48@sbcglobal.net> (full text below). The messages tell recipients to click a link to avoid account deactivation. The link would take one to a non-UVM web site that the scammer has set up, such as www.webdb-confirm.uni.cc.
Do not reply, and do not click on the link in the message. This email, and others like it, are phishing scams.
If you have already replied to, or clicked the link, in this email, or a similar message, please change your UVM Network ID password immediately, using the secure online form at uvm.edu/account/, or criminals and hackers will have complete access to your confidential UVM information. Please call the Help Line at 656-2604 if you need assistance.
APWG offers useful tips to help you avoid becoming a victim of phishing or pharming:
Visit the following resources to learn more about phishing and pharming prevention, scam advisories, and to report yourself as a victim of phishing or pharming:
The latest scam message has a subject of "Emergency Notification!!" and appears to be from "The University of Vermont" with various email addresses along the lines of <azteca48@sbcglobal.net> (full text below). The messages tell recipients to click a link to avoid account deactivation. The link would take one to a non-UVM web site that the scammer has set up, such as www.webdb-confirm.uni.cc.
Do not reply, and do not click on the link in the message. This email, and others like it, are phishing scams.
If you have already replied to, or clicked the link, in this email, or a similar message, please change your UVM Network ID password immediately, using the secure online form at uvm.edu/account/, or criminals and hackers will have complete access to your confidential UVM information. Please call the Help Line at 656-2604 if you need assistance.
University of Vermont officials should never
request your password, and you should never provide your password to
someone who asks for it.
Keeping Scams Out of Your Inbox
To avoid or limit this type of spam in the future, you can tell the UVM email system to dump spam into a "spam" folder rather than delivering it to your Inbox. (You can open your spam folder to check for messages there, but most people just ignore it, and the system automatically purges old spam so you don't have to worry about accumulating too much.) A recommended spam "threshold" is 50%.What is a Phishing Scam?
The Anti-Phishing Working Group (APWG) explains that phishing "attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials."APWG offers useful tips to help you avoid becoming a victim of phishing or pharming:
- Be suspicious of any email with urgent requests for personal financial information
- Don't use the links in an email to get to any web page, if you suspect the message might not be authentic
- Avoid filling out forms in email messages that ask for personal financial information
- Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser
- Consider installing a Web browser tool bar to help protect you from known phishing fraud websites
- Regularly log into your online accounts
- Regularly check your bank, credit and debit card satements to ensure that all transactions are legitimate
- Ensure that your browser is up to date and security patches applied
- Always report "phishing" or "spoofed" e-mails
Visit the following resources to learn more about phishing and pharming prevention, scam advisories, and to report yourself as a victim of phishing or pharming:
- Anti-Phishing Working Group
- Privacy
Rights
Clearinghouse - Identity Theft:What To Do if It Happens to You
- Federal Trade Commission - New FTC Videos Help Consumers Spot Phishing Scams
- Department of Justice - Special Report on Phishing
- Government Computer News - Is a new ID theft scam in the wings?
What Does the Latest Phishing Scam Say?
Phishing scams are successful when they sound authentic, and are often customized to appear as though they come from a trusted source. They often include a mix of real and bogus email addresses and web links (URLs). Phishing scams often appear to come from UVM, although of course they do not. While there are likely to be several variations on each scam, here are some the messages received by UVMers recently.Subject: Emergency Notification!!
The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address), the lack of personalization, the link to a non-UVM web site, and the awkward language. (In the link shown below, http has been changed to h__p to make the link nonfunctional.)Date: Sat, 27 Mar 2010 08:19:42 -0700 (PDT) From: The University of Vermont <azteca48@sbcglobal.net> Reply-To: The University of Vermont <azteca48@sbcglobal.net> Subject: Emergency Notification!! To: "undisclosed recipients"@ Dear The University of Vermont Webmail subscriber, We hereby announce to you that your email storage has exceeded its limit and your mail account will be deactivated. To avoid this please click on the link below. h__p://www.webdb-confirm.uni.cc/?_$1$5HCM34pt$B4dsl8Ic8UcF1HPBzIj8U/$1$bgfK.yZk$5jBqy9BNuSxw3XElVDREY1$1$8CsWPvJd$8Y9tR77gEOxdyL9HULXI… Thank you. The University of Vermont Webmail Management Team. |
Subject: Your profile will be locked in response to a complaint received by the Administration
The scam is evident from the From and Reply-To addresses (neither is a real uvm.edu address), the lack of personalization, and the awkward language.Date: Wed, 17 Feb 2010 19:47:44 +0500 From: " Administration uvm.edu" <support-8@uvm.edu> Reply-To: " Administration uvm.edu" <support-8@uvm.edu> Subject: Your profile will be locked in response to a complaint received by the Administration To: "<" <_____@uvm.edu> ***This message was created automatically by mail-delivery software. Do not reply to this message.*** Hello! Your profile will be locked in response to a complaint received by the Administration 29.01.2010 ã. According to "paragraph 8 of the user agreement, uvm.edu reserves the right to suspend or terminate the provision of services uvm.edu, promptly notifying the user. Refute the statement may be, following this link: http://smallurl.in/c524800d If the application is not rejected within 7 days, your e-mail an account will be blocked. It has a number 707684870998253. In the near future we will contact you. It takes up to 3 days to process your request. Thank you! -------------------------------- Sincerely, mail support service uvm.edu |
Subject: Verify
This message is classified by the UVM email system as spam. The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address!) and the lack of a To addresses.From: UVM SUPPORT <vtquach@asu.edu> Date: December 22, 2009 8:54:10 PM EST Subject: [SPAM?:#] Verify Reply-To: supumail1@yahoo.com Hello, You are required to reply to this mail and enter your UserName and password below within 48 hours or your account will be suspended. UserName: Password: UVM SUPPORT. |
Subject: You Have 1 New Message.
This message is so concerned about security, it advises not sending credentials via email. The scam is evident from the From and To addresses, and the fact that the link to click on is not at UVM.From: "UVM WebMail"<service@uvm.edu> Date: November 11, 2009 5:38:09 PM EST To: Undisclosed recipients: ; Subject: You Have 1 New Message. Welcome to UVM WebMail Due to recent problem encountered with access to your UVM WebMail account you are required to verify your Webmail information by clicking on the verify my Webmail account link below. Verify My Webmail Account Regards Thank you for using UVM WebMail |
Subject: Technical Service
This message is so concerned about security, it advises not sending credentials via email. The scam is evident from the From and To addresses, and the fact that the link to click on is not at UVM.Subject: Technical Service Date: Thu, 5 Nov 2009 08:38:23 -0500 From: Lewis Rodriguez (RIT Student) <lmr0197@rit.edu> To: <info@webct.com> You have exceeded the limit of your mailbox set by your IT service, and you will be having problems in sending and recieving mails. To prevent this, please click on the link below to reset your account. *CLICK HERE <http://rpc.formmailhosting.com/showform.php?id=6233>* Failure to do this, will result in limited access to your mailbox. Warning!!! Do not send your username and password via email. Regards, WebCT Service |
Dear Email user
From: "Heath, Kathy" <KHEATH@tsc.k12.in.us> Date: November 9, 2009 4:40:49 AM EST Dear Email user, This message is from Administration centre Maintenance Policy verified that your mailbox exceeds its limit, you will be unable to receive new email, To re-set your SPACE on our database prior to maintain your INBOX, you must click the link below. Click Here: http://rpc.formmailhosting.com/showform.php?id=6254 (If the link above does not appear clickable or does not open a browser window when you click it, copy it and paste it into your web browser's Location bar.) Thank you for your cooperation. Web Mail Technical Services |
Dear UVM Webmail online Email Account Owner
Date: Mon, 29 Jun 2009 09:55:43 +0000 From: UVM Webmaster online <uvm.edu-webmaster@mchsi.com> Reply-To: UVM Webmaster online <uvm.edu-webmaster@mchsi.com> Dear UVM Webmail online Email Account Owner, Important notice, harmful virus was detected in your account which can be harmful to our subscriber unit.You are to enter your Username and Password here {____________, __________} to enable us set in an anti virus in your user account to clear up this virus. we do need your co-operation in this, Providing us with this information we enable us insert in your account an anti virus machine for clean up. We are sorry for the inconveniences this might have cost you. Failure to do this, we are sorry to let you know that your account will be deleted immediately to prevent it from arming our subscriber unit. Thank you for using UVM Webmail, We are glad at your service, UVM Webmaster online. |
Update your webmail account now
From: "Technical Support Team" <info@support.net> Date: March 10, 2009 12:59:28 AM EDT To: undisclosed-recipients:; Subject: Update your webmail account now Reply-To: techsupteam74@rocketmail.com The Webmail Customer Care Unit wishes to inform you that we will having a congestion due to the anonymous registration of accounts. So we are shutting down and your account is among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below (Your Username, password, and country). We are requesting for this information to enable us carryout the account update process for better services to all customers/subscribers. Due to the congestion in all users and removal of all unused accounts, we would be shutting down all unus |
You have exceeded the storage limit for your mailbox
From: Kate Duncan <Kate.Duncan@asu.edu> Date: Monday, Jan 12, 2009 8:31 pm Subject: You have exceeded the storage limit for your mailbox To: Undisclosed recipients:; Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator. You are required to contact your system administrator through e-mail with your Username:{ } and Password:{ } to increase your storage limit. System Administrator E-mail: systemquota@live.com You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit. This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. |
E-Mail Account Maintainance
From: Anti-Spam Team <support-team@web.nl> Date: December 4, 2008 9:56:55 AM EST (CA) To: <webmaster@anti-spam.edu> Subject: E-Mail Account Maintainance Reply-To: support-team@web.nl Dear E-mail Account User, We have temporarily limited all access to sensitive account features, To restore your account access, you must reply to this email immediately with your E-mail account Username: (.................) and password:(....................) Due to the junk/spam emails you receive daily, we are currently upgrading all email accounts spam filter to limit all unsolicited emails for security reasons and to upgrade your new and improved E- mail account features and enhancements, to ensure you do not experience service interruption. Note that you must reply to this email immediately with your user name and password in the space provided to enable us upgrade your Account. A confirmtion link will be send to you for the Re-Activation of your e-mail Account, as soon as we received your response and you are to Click on the "Confirm E-mail" link on your mail Account box and then enter the confirmation number: 1265-6778-8250-8393-5727 Your failure to provide your e-mail account login details will lead to a temporarly disabled of your e-mail account or we will immediately deactivate your e-mail account from our database. Thanks For Your Understanding. Anti-Spam Team |
PLEASE PROTECT YOUR UNIVERSITY OF VERMONT(uvm.edu) WEBMAIL ACCOUNT FROM BEING CLOSED
From: "uvm.UNIVERSITY OF VERMONT"<uedu2008@yahoo.it> Date: December 4, 2008 11:10:08 PM EST (CA) To: helpdesk1@uvm.edu Subject: PLEASE PROTECT YOUR UNIVERSITY OF VERMONT(uvm.edu) WEBMAIL ACCOUNT FROM BEING CLOSED Reply-To: uedu2008@yahoo.it This is to notify you that we are presently UPGRADING our UNIVERSITY OF VERMONT WEBMAIL, this maintenance can close your UNIVERSITY OF VERMONT WEBMAIL account completely. Please do not say you were not informed, your urgent response is highly needed, to protect your email account from being closed, please forward your USERNAME and PASSWORD to our customer services with email address: uedu2008@yahoo.it http://www.northerntel.ca |