The UVM Phishbowl is designed to help members of UVM’s community identify phishing scams and report suspicious emails. A phishing scam is an attempt to steal your UVM credentials (your NetID and password) or other important personal information.

Below are emails that have been reported by the UVM community. A red X means it’s a scam, and the smiling green fish means it’s safe.

  • If you've received an email that seems suspicious and you don't find it here, please forward it with its headers intact to abuse@uvm.edu for review by the Information Security Office.
  • If you have spam (i.e., unsolicited commercial email that does not appear to target your personal information) that has eluded our spam filtering system (a false negative), please forward it with its headers intact to is-spam@uvm.edu.
  • Likewise, if you see a legitimate message in your Junk Email folder (a false positive), please forward it with its headers intact to not-spam@uvm.edu.

For more information about UVM's anti-spam, anti-malware, and anti-phishing service, please see our Proofpoint Spam Filter Knowledge Base article.

"We expect you to strictly adhere and address this!!" - received September 26, 2022

And we expect you to create a more convincing email! Always hover over the link to see where it really leads. If the site's address doesn't end in '.uvm.edu', don't click on it.

We notice that your office 365 has two info different logins with two universities portals. Kindly indicate the two info logins as soon as possible.

"Student Administrative Assistant Position" - received September 12, 2022

A classic phishing scam - remember, if it sounds too good to be true, it probably is.

Dear Students, Work at your convenience and earn $450 weekly. It's a flexible part-time job.

'UVM HELP-DESK' and 'UVM EMAIL UPDATE' - received August 31 and September 8, 2022

Here's another variation on this ongoing campaign, as usual trying to capitalize on FUD (Fear, Uncertainty, Doubt).

'Approved Job Alert' - received September 8, 2022

We're able to filter out most of the millions of financial scams that come our way each year, but sometimes attackers use compromised UVM credentials, making them both more difficult to detect and more likely to appear legitimate to potential victims. Here's a recent sample, leading to a Google Form that seeks to open a channel of communication that they hope will result in opportunities for fraud.

[Image: Approved Job Alert scam]

"CLICK NOW" - received September 8, 2022

This one is a visual change of pace, but it's still credential phishing. Fortunately, Google acted quickly, and the Google Doc that was harvesting credentials was taken down shortly after we reported it.

[Image: CLICK NOW phish]

"EMAIL UPDATE" - received August 29, 2022

"EMAIL UPDATE" is back, this time referencing 'security reasons'. If there were security issues with your account, we would have locked it already!

[Image: "EMAIL UPDATE" phish]

'noreply@uvm.edu' and 'Web-service<notification@mail-webservices.uvm.edu>' - received August 24, 2022

These two phish leveraged compromised UVM accounts and also took special care to obfuscate the URL. Be sure to check where the link really leads, however - these lead to a jotform.com and squarespace.com URL, respectively, not uvm.edu.

ATTENTION!!! - received May 25, 2022

This phish is trying to scare you into entering your credentials to avoid termination of your account - a common tactic for phishing emails.

Your Password Will Expire Today! / UVM Mail Compromised! / Technology Services. - received May 21-22, 2022

None of this weekend's emails that try to get you to enter your UVM credentials to fix an "urgent issue" are legitimate.

"Password will Expire today!", "Mail Notice!", "Urgent Notice!" - received April 27, 2022

Three subject variations, but all with the same content, which attempts to induce you to visit a non-UVM website and enter your NetID and password. As always, be sure to take a look at the address bar before entering any sensitive information into a website.

[Image: Password expiration phish]

"Mail Notice!" - received April 25, 2022

You've seen this before...last week, even! Needless to say, we wouldn't send you to a Squarespace address to deal with anything important with your account.

[Image: "Mail Notice!" phish]

Suspension Notice - received April 18, 2022

It is unfortunately quite easy to fake the "From" address on emails. Always be sure to check where the email is trying to send you by hovering over the link and avoiding it if it's not a "uvm.edu" address.

"Information@uvm.edu" - received March 11, 2022

You're on Spring Break, but the scammers aren't! Here's the latest phish:

[Image: 'information@uvm.edu' phish]

"Emergency" - received February 25, 2022

More of the same...as always, if it makes you feel fear, uncertainty, or doubt, it's worth an extra dose of skepticism.

[Image: Emergency phish]