Some UVM people have recently received a fake email quota warning email. As in previous phishing scams that continue to target various communities, including UVM, the message is an attempt to convince people to divulge their Network IDs, passwords, or other personal information. Please ignore these requests.

The latest scam message has a subject of "Quota Alert ! ! !" and appears to be from someone with a non-uvm.edu email address (full text below).  The messages tell recipients to respond to click on a link in the email to "make more space available".  

Do not click on the link and do not reply.  This email, and others like it, are phishing scams. 

If you have already replied to this email, or clicked the link, please change your UVM Network ID password immediately, using the secure online form at www.uvm.edu/account/, or criminals and hackers will have complete access to your confidential UVM information. Please call the Help Line at 656-2604 if you need assistance.

 

University of Vermont officials should never request your password, and you should never provide your password to someone who asks for it.

What is a Phishing Scam?

The Anti-Phishing Working Group (APWG) explains that phishing "attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials."

APWG offers useful tips to help you avoid becoming a victim of phishing or pharming:

• Be suspicious of any email with urgent requests for  personal financial information
• Don't use the links in an email to get to any web  page, if you suspect the message might not be authentic
• Avoid filling out forms in email messages that ask  for personal financial information
• Always ensure that you're using a secure website  when submitting credit card or other sensitive information  via your Web browser
• Consider installing a Web browser tool bar to help  protect you from known phishing fraud websites
• Regularly log into your online accounts
• Regularly check your bank, credit and debit card  satements to ensure that all transactions are legitimate
• Ensure that your browser is up to date and security  patches applied
• Always report "phishing" or "spoofed" e-mails

Visit the following resources to learn more about phishing and pharming prevention,  scam advisories, and to report yourself as a victim of phishing or pharming:

• Anti-Phishing Working Group
• Privacy Rights Clearinghouse - Identity Theft:What To Do if It Happens to You
  
• Federal Trade Commission - New FTC Videos Help Consumers Spot Phishing Scams
• Department of Justice - Special Report on Phishing
• Government Computer News - Is a new ID theft scam in the wings?

Keeping Scams Out of Your Inbox

To avoid or limit this type of spam in the future, you can tell the UVM email system to dump spam into a "spam" folder rather than delivering it to your Inbox.  (You can open your spam folder to check for messages there, but most people just ignore it, and the system automatically purges old spam so you don't have to worry about accumulating too much.)  A recommended spam "threshold" is 50%. 

What Does the Latest Phishing Scam Say?

Phishing scams are successful when they sound authentic, and are often customized to appear as though they come from a trusted source.  They often include a mix of real and bogus email addresses and web links (URLs).  Phishing scams often appear to come from UVM, although of course they do not.  While there are likely to be several variations on each scam, here are some the messages received by UVMers recently.

 

Subject:    Quota Alert ! ! !

The scam is evident from the From and To addresses (neither is a uvm.edu address), the lack of personalization, incorrect "to" address, and link to a non-uvm.edu web site (that link has been removed in the example below).  And if one does the math, the mailbox is already at a size greater than the limit that supposedly prevents receiving mail.   

> From: "Sener, Stephen" <sener@usc.edu> > Date: May 20, 2010 9:58:10 PM EDT > To: "admin@helpdesk.org" <admin@helpdesk.org> > Subject: [SPAM?:#] Quota Alert ! ! ! > > Your mailbox has exceeded one or more size limits set by your > administrator. > Your mailbox size is 102145 KB. > Mailbox size limits: > > You will receive a warning when your mailbox reaches 90000 KB. > You cannot send mail when your mailbox reaches 100000 KB. > You cannot send or receive mail when your mailbox reaches 100000 > KB.You may not be able to send or receive new mail until you reduce > your mailbox size. > To make more space available, > > Increase now > > Failure To Click This Link And Validate Your Quota May Result In > Loss Of Important Information In Your Mailbox/Or Cause Limited > Access To It. > Thanks > HELP DESK

Subject:     Mail box quota

The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address), the lack of personalization, incorrect "to" address, and link to a non-uvm.edu web site.  

Date: Thu, 22 Apr 2010 13:42:04 -0400 From: "King, Cecil" <cecil.king@emory.edu> Reply-To: "King, Cecil" <cecil.king@emory.edu> Subject: Mail box quota To: "King, Cecil" <cecil.king@emory.edu> ATTENTION. Your mailbox has exceeded the storage limit which is 10GB as set by your administrator, you are currently running on 10.9GB, you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailbox please clickhere<h__p://geneo.freehostia.com/use/database/form1.html> Thanks System Administrator ________________________________ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments).

Subject:     CONFIRM YOUR UVM EMAIL ACCOUNT TO AVIOD CLOSURE

The scam is evident from the Reply-To address (not is a uvm.edu address), the lack of personalization, incorrect "to" address, and the awkward language.  (In the sample shown below, the "From" address has been changed; the actual email has a valid uvm.edu email address.)

Subject:    CONFIRM YOUR UVM EMAIL ACCOUNT TO AVIOD CLOSURE Date:    Mon, 29 Mar 2010 14:12:58 -0400 From:    xxxxxxxx xxx xxxxxxx <xxxxxxxx@uvm.edu> Reply-To:    universityaccountteam09@gmail.com To:    COMISHelpDesk1@uvm.edu Please Submit Your e-mail account information for update of your account DEAR University of Vermont webmail holders This is a message from the University of Vermont WEBSITE ACCOUNT Message Center for Communication to all of our University of Vermont Webmail owners. We are currently working on our database e-mail In users.We are deleting all old unused University of Vermont Webmail Account, for  more space for new users. To prevent your account not be deleted from our database you are advised to confirm your University of Vermont webmail account immediately. Submit your account information below Login Website: .................... Username : ........................ Password :......................... Date of Birth: .................... Country or territory: ............. Warning! E-mail  owners who refuse to submit E-mail account details, within seven days from this date of receipt will loses his/her Webmail account permanently. Thank you, University of Vermont Webmail Team Please Submit Your e-mail account information for update of your account

Subject:     Emergency Notification!!

The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address), the lack of personalization, the link to a non-UVM web site, and the awkward language.  (In the link shown below, http has been changed to h__p to make the link nonfunctional.)

Date: Sat, 27 Mar 2010 08:19:42 -0700 (PDT)     From: The University of Vermont <azteca48@sbcglobal.net> Reply-To: The University of Vermont <azteca48@sbcglobal.net>  Subject: Emergency Notification!!       To: "undisclosed recipients"@ Dear The University of Vermont Webmail subscriber, We hereby announce to you that your email storage has exceeded its limit and your mail account will be deactivated. To avoid this please click on the link below. h__p://www.webdb-confirm.uni.cc/?_$1$5HCM34pt$B4dsl8Ic8UcF1HPBzIj8U/$1$bgfK.yZk$5jBqy9BNuSxw3XElVDREY1$1$8CsWPvJd$8Y9tR77gEOxdyL9HULXI… Thank you. The University of Vermont Webmail Management Team.

Subject:     Your profile will be locked in response to a complaint received by the Administration

The scam is evident from the From and Reply-To addresses (neither is a real uvm.edu address), the lack of personalization, and the awkward language. 

Date: Wed, 17 Feb 2010 19:47:44 +0500    From: " Administration uvm.edu" <support-8@uvm.edu> Reply-To: " Administration uvm.edu" <support-8@uvm.edu> Subject: Your profile will be locked in response to a complaint received by the Administration      To: "<" <_____@uvm.edu> ***This message was created automatically by mail-delivery software. Do not reply to this message.*** Hello! Your profile will be locked in response to a complaint received by the Administration 29.01.2010 ã. According to "paragraph 8 of the user agreement, uvm.edu reserves the right to suspend or terminate the provision of services uvm.edu, promptly notifying the user. Refute the statement may be, following this link: http://smallurl.in/c524800d If the application is not rejected within 7 days, your e-mail an account will be blocked. It has a number 707684870998253. In the near future we will contact you. It takes up to 3 days to process your request. Thank you! -------------------------------- Sincerely, mail support service uvm.edu

Subject:     Verify

This message is classified by the UVM email system as spam.  The scam is evident from the From and Reply-To addresses (neither is a uvm.edu address!) and the lack of a To addresses. 

From: UVM SUPPORT <vtquach@asu.edu> Date: December 22, 2009 8:54:10 PM EST Subject: [SPAM?:#] Verify Reply-To: supumail1@yahoo.com Hello,    You are required to reply to this mail and enter your UserName and password below within 48 hours or your account will be suspended. UserName: Password: UVM SUPPORT.

Subject:     You Have 1 New Message.

This message is so concerned about security, it advises not sending credentials via email.  The scam is evident from the From and To addresses, and the fact that the link to click on is not at UVM. 

From: "UVM WebMail"<service@uvm.edu> Date: November 11, 2009 5:38:09 PM EST To: Undisclosed recipients: ; Subject: You Have 1 New Message. Welcome to UVM WebMail Due to recent problem encountered with access to your UVM WebMail account you are required to verify your Webmail information by clicking on the verify my Webmail account link below. Verify My Webmail Account Regards Thank you for using UVM WebMail

Subject:     Technical Service

This message is so concerned about security, it advises not sending credentials via email.  The scam is evident from the From and To addresses, and the fact that the link to click on is not at UVM. 

Subject:     Technical Service Date:     Thu, 5 Nov 2009 08:38:23 -0500 From:     Lewis Rodriguez (RIT Student) <lmr0197@rit.edu> To:     <info@webct.com> You have exceeded the limit of your mailbox set by your IT service, and you will be having problems in sending and recieving mails. To prevent this, please click on the link below to reset your account. *CLICK HERE <http://rpc.formmailhosting.com/showform.php?id=6233&gt;* Failure to do this, will result in limited access to your mailbox. Warning!!! Do not send your username and password via email. Regards, WebCT Service

Dear Email user

 

From: "Heath, Kathy" <KHEATH@tsc.k12.in.us> Date: November 9, 2009 4:40:49 AM EST     Dear Email user, This message is from Administration centre Maintenance Policy verified that your mailbox exceeds its limit, you will be unable to receive new email, To re-set your SPACE on our database prior to maintain your INBOX, you must click the link below. Click Here: http://rpc.formmailhosting.com/showform.php?id=6254 (If the link above does not appear clickable or does not open a browser window when you click it, copy it and paste it into your web browser's Location bar.) Thank you for your cooperation. Web Mail Technical Services

Dear UVM Webmail online Email Account Owner

 

Date: Mon, 29 Jun 2009 09:55:43 +0000   From: UVM Webmaster online <uvm.edu-webmaster@mchsi.com> Reply-To: UVM Webmaster online <uvm.edu-webmaster@mchsi.com> Dear UVM Webmail online Email Account Owner, Important notice, harmful virus was detected in your account which can be harmful to our subscriber unit.You are to enter your Username and Password here {____________, __________} to enable us set in an anti virus in your user account to clear up this virus. we do need your co-operation in this, Providing us with this information we enable us insert in your account an anti virus machine for clean up. We are sorry for the inconveniences this might have cost you. Failure to do this, we are sorry to let you know that your account will be deleted immediately to prevent it from arming our subscriber unit. Thank you for using UVM Webmail, We are glad at your service, UVM Webmaster online.

Update your webmail account now

 

From: "Technical Support Team" <info@support.net> Date: March 10, 2009 12:59:28 AM EDT To: undisclosed-recipients:; Subject: Update your webmail account now Reply-To: techsupteam74@rocketmail.com The Webmail Customer Care Unit wishes to inform you that we will having a congestion due to the anonymous registration of accounts. So we are shutting down and your account is among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below (Your Username, password, and country). We are requesting for this information to enable us carryout the account update process for better services to all customers/subscribers. Due to the congestion in all users and removal of all unused accounts, we would be shutting down all unus

You have exceeded the storage limit for your mailbox

 

From: Kate Duncan <Kate.Duncan@asu.edu> Date: Monday, Jan 12, 2009 8:31 pm Subject: You have exceeded the storage limit for your mailbox To: Undisclosed recipients:; Your mailbox has exceeded the storage limit set by your administrator. You may not be able to send or receive new mail until your mailbox size is increased by your system administrator. You are required to contact your system administrator through e-mail with your Username:{ } and Password:{ } to increase your storage limit. System Administrator E-mail: systemquota@live.com You will continue to receive this warning message periodically if your inbox size continues to exceed its size limit. This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.

E-Mail Account Maintainance

 

From: Anti-Spam Team <support-team@web.nl> Date: December 4, 2008 9:56:55 AM EST (CA) To: <webmaster@anti-spam.edu> Subject: E-Mail Account Maintainance Reply-To: support-team@web.nl Dear E-mail Account User, We have temporarily limited all access to sensitive account features, To restore your account access, you must reply to this email immediately with your E-mail account Username: (.................) and password:(....................) Due to the junk/spam emails you receive daily, we are currently upgrading all email accounts spam filter to limit all unsolicited emails for security reasons and to upgrade your new and improved E- mail account features and enhancements, to ensure you do not experience service interruption. Note that you must reply to this email immediately with your user name and password in the space provided to enable us upgrade your Account. A confirmtion link will be send to you for the Re-Activation of your e-mail Account, as soon as we received your response and you are to Click on the "Confirm E-mail" link on your mail Account box and then enter the confirmation number: 1265-6778-8250-8393-5727 Your failure to provide your e-mail account login details will lead to a temporarly disabled of your e-mail account or we will immediately deactivate your e-mail account from our database. Thanks For Your Understanding. Anti-Spam Team

PLEASE PROTECT YOUR UNIVERSITY OF VERMONT(uvm.edu) WEBMAIL ACCOUNT FROM BEING CLOSED

 

From: "uvm.UNIVERSITY OF VERMONT"<uedu2008@yahoo.it> Date: December 4, 2008 11:10:08 PM EST (CA) To: helpdesk1@uvm.edu Subject: PLEASE PROTECT YOUR UNIVERSITY OF VERMONT(uvm.edu) WEBMAIL ACCOUNT FROM BEING CLOSED Reply-To: uedu2008@yahoo.it This is to notify you that we are presently UPGRADING our UNIVERSITY OF VERMONT WEBMAIL, this maintenance can close your UNIVERSITY OF VERMONT WEBMAIL account completely. Please do not say you were not informed, your urgent response is highly needed, to protect your email account from being closed, please forward your USERNAME and PASSWORD to our customer services with email address: uedu2008@yahoo.it http://www.northerntel.ca