Notifiction, eh? Yet another credential phishing effort, steer clear.

Three different phishing emails from the same scammers, using a variety of tactics to try to get your UVM credentials and/or financial information.

These emails all pointing to the same scam website are not legitimate, even though they are higher effort than the average phish.

This is admittedly a poor effort but does appear to be quite widespread. Coming on the heels of other phish with similar themes, this one may sow enough uncertaintly to catch some people.

This is a phishing scam sent from a compromised account. If there were actually suspicious activity, the account would be locked.

This phish is trying to scare you into entering your credentials to avoid termination of your account - a common tactic for phishing emails.

This campaign uses three separate subjects and message bodies leading to two different addresses, and the target URLs lead to a decent approximation of UVM's single-sign-on portal. It's a decent effort! As always, make sure you're really at uvm.edu before entering your NetID and password.

This email is a scam, preying on people who especially would need this kind of payment. Their goal is to get your financial info to steal money from you.

If you ever aren't sure if an email like this is a scam, forward it to abuse@uvm.edu and ask us to let you know.

While we've certainly had a steady stream of phishing scams this semester, you may notice an uptick around the holidays and exam week - attackers are aware of our calendar, and are likely to increase their activity when you might be distracted or stressed. Here's one trying to leverage the anxiety and uncertainty of this time of year:

Three different subjects, several different message bodies, but still the same nonsensical and threatening language about your account being removed (OR an account verification exercise, "urgent" password expiration, etc. - please see the two other Nov 10 emails for examples). Always check that URL - this one leads to a jotform address, not uvm.edu:

This is not a legitimate email about your password expiring. If you need to update your password, you can do so at account.uvm.edu.

(We would also give you more than 24 hours for the first notice about your password expiring.)

This email about phishing attacks is, itself, a phish. Why must they torment us so?

For the record - UVM will never ask you to "verify account." Especially not on a random squarespace site.

Happy Halloween! Unfortunately you've probably seen several of these lovely tricks in your inbox today - note the URL in the link. Also note that they've made the amount you supposedly 'owe' very small so that you're tempted to enter your credit card info without thinking too much about it! Don't give any treats to the attackers, please, or we'll never get them off the front porch.

This one is a bit tricky - it looks like a file transfer notification, but it really leads to a phishing page! Remember that UVM's filetransfer service can be found at https://filetransfer.uvm.edu, not 'fluidui[.]com'.

We've been free of these for a few weeks, but here's more of the same - threatening language, odd capitalization and punctuation, and a link that leads somewhere other than uvm.edu:

And we expect you to create a more convincing email! Always hover over the link. If it doesn't end in '.uvm.edu', don't click on it.

A classic phishing scam - remember, if it sounds too good to be true, it probably is.

Here's another variation on this ongoing campaign, as usual trying to capitalize on FUD (Fear, Uncertainty, Doubt).