A round fishbowl with red goldfish
The UVM Phishbowl is designed to help members of UVM’s community identify phishing scams and report suspicious emails. A phishing scam is an attempt to steal your UVM credentials (your NetID and password) or other important personal information.

Below are emails that have been reported by the UVM community. A red X means it’s a scam, and the smiling green fish means it’s safe.

  • If you've received an email that seems suspicious and you don't find it here, please forward it with its headers intact to abuse@uvm.edu for review by the Information Security Office.
  • If you have spam (i.e., unsolicited commercial email that does not appear to target your personal information) that has eluded our spam filtering system (a false negative), please forward it with its headers intact to is-spam@uvm.edu.
  • Likewise, if you see a legitimate message in your Junk Email folder (a false positive), please forward it with its headers intact to not-spam@uvm.edu.

For more information about UVM's anti-spam, anti-malware, anti-phishing service, please see our Proofpoint Spam Filter Knowledge Base article.

"[Advanced Account verification for FSU]2FA Authentication", "[Enhanced Account Security as an alternative to 2FA ]Authentication." - received July 19, 2024

You can probably safely assume literally any email with a QR code in it is a scam.

"Scheduled Message - 372b2deb8fe25b7bbeb35d36bb25a044b128a4d6" - received June 14

This is definitely a scam. Even if something looks like it could plausibly be from UVM, make sure it's actually sending you to a real UVM website before clicking any links.


"ITS Help Desk Account Maintenance" - received March 22, 2024

SO many red flags in this one. UVM would never ask you to text a random phone number your password for ANY REASON. You should also never enter a passcode for Duo anywhere other than the UVM login page, nor approve any push notifications that are associated with anything other than you yourself logging in (regardless of what some email tells you to do).

Additional hint: If something asks for your Passw0rd, it is for sure a scam.

ATTN: Selected Account Holder,  Your UVM account has been programmed for upgrade due to our congested database server. We are currently undergoing maintenance which you're required to complete the procedures.

"Important Message for All Faculty - Staffs" - received March 20, 2024

Not sure why the "Financial Aid Department" would want you to enter your password into a Google form in order to read your mysterious unread messages, unless... wait - it's a scam!

Always check the link before clicking (it should be a uvm.edu address if it's something like this) but also think about whether what they're asking you to do makes sense. Feel free to forward to abuse@uvm.edu and ask if you're not sure.

"Salary Adjustment Acknowledgement" - received March 20, 2024

This is a phishing scam and it is extremely not appreciated. Don't open shady attachments from external senders, folks.



"CAVAS NOTIFICATION" - received January 26, 2024

Canvas? What? No, this one is definitely not legitimate.



"Response for you're doing" - received January 24, 2024

This is another scam utilizing the fact that it's very easy to spoof the "From" address on emails. This person does not actually have access to your account, but is trying to alarm you into thinking they do. Our spam filters catch most of these, but this one unfortunately made it through to some folks. You can safely discard this email if you received it.'uvm fee failed' phish

"Notice!" - received January 17, 2024

A "Notice!" about "University of Vermont News" from a non-UVM address is enough reason for skepticism, but as always, hovering over the link will let you know for sure. Despite having uvm-edu in the first part of the address, this link leads elsewhere (to a phishing site that attempts to steal your password).
"Notice!" phish

"I strongly recommend you check the information in this email" - received January 7, 2024

This one is a scam utilizing the fact that it's very easy to spoof the "From" address on emails by trying to scare you into thinking someone else has access to your account. Our spam filters catch most of these, but this one unfortunately made it through to some folks. You can safely discard this email if you received it.
screenshot of fake blackmail scam

"Student Employment Services" - received December 12, 2023

Too good to be true? Yes!

'student employment services' phish sample


"Notice From Microsoft`" - received December 12

This is not really from Microsoft and it is not legitimate. Put this one right in the trash.

"IT Support - Important Update" - received December 8

....what are email address hours even? This one is definitely a scam.

"Individual Assistance Program" - received November 2, 2023

This email is a scam, preying on folks who really need the money. If you hover over the link with your cursor, you can see it's sending you to a non-UVM website where it asks you for UVM credentials. UVM would not do this.


"ACTION REQUIRED NOW!" - received October 26, 2023

QR code abuse is becoming one of the most common ways to lure the unwitting into visiting phishing websites (like this one) or sites serving malware to anyone who visits. UVM wouldn't ask you to conduct any important business by hiding the target site's address in this way - be very skeptical of any QR code that you aren't expecting to see!

ACTION REQUIRED NOW phish screenshot

"Careful, it's important" - received September 20, 2023

If you received this email, you'll notice it appears to be sent from your own account. It isn't, actually - it is unfortunately very easy to spoof the from address on emails. Normally, these are caught by our spam filters, but this one seems to have gotten through to a few folks. If you did receive it, don't worry, your data has not actually been compromised and this email can be safely discarded.

overdue fee phishing scam


"Congratulations On Your Scholarship" - received August 16, 2023

Unfortunately, this scholarship is not real - another attempt at getting users' financial information. 

"Change Payment Method !!" - received August 15-16, 2023

This is a scam email trying to get your financial info. Always check the link before clicking and avoid any non-UVM links for anything like this.
'UVM' phishing scam

LEGITIMATE - "Your key audit is OVERDUE"

This is a legitimate email from the Division of Safety and Compliance - The key audit is a critical exercise that requires your response. If you have received this email, please complete the survey right away!

legitimate key audit email