The UVM Phishbowl is designed to help members of UVM’s community identify phishing scams and report suspicious emails. A phishing scam is an attempt to steal your UVM credentials (your NetID and password) or other important personal information.

Below are emails that have been reported by the UVM community. A red X means it’s a scam, and the smiling green fish means it’s safe.

  • If you've received an email that seems suspicious and you don't find it here, please forward it with its headers intact to abuse@uvm.edu for review by the Information Security Office.
  • If you have spam (i.e., unsolicited commercial email that does not appear to target your personal information) that has eluded our spam filtering system (a false negative), please forward it with its headers intact to is-spam@uvm.edu.
  • Likewise, if you see a legitimate message in your Junk Email folder (a false positive), please forward it with its headers intact to not-spam@uvm.edu.

For more information about UVM's anti-spam, anti-malware, and anti-phishing service, please see our Proofpoint Spam Filter Knowledge Base article.

"UVM Overdue Bill !!!" - received November 28, 2022

While we've certainly had a steady stream of phishing scams this semester, you may notice an uptick around the holidays and exam week - attackers are aware of our calendar, and are likely to increase their activity when you might be distracted or stressed. Here's one trying to leverage the anxiety and uncertainty of this time of year:

"noreply@uvm.edu" - received November 10/11, 2022

Three different subjects, several different message bodies, but still the same nonsensical and threatening language about your account being removed (or an account verification exercise, "urgent" password expiration, etc. - please see the two other Nov 10 emails for examples). Always check that URL - this one leads to a jotform address, not uvm.edu:

"Your password will expire!" - received Nov 10

This is not a legitimate email about your password expiring. If you need to update your password, you can do so at account.uvm.edu.

(We would also give you more than 24 hours for the first notice about your password expiring.)

"Webauth.uvm.edu" - received Nov 10

This email about phishing attacks is, itself, a phish. Why must they torment us so?

For the record - UVM will never ask you to "verify account." Especially not on a random Squarespace site.

"OVERDUE UVM PAYMENT !!!" and "URGENT NOTIFICATION !!!" - received October 31, 2022

Happy Halloween! Unfortunately you've probably seen several of these lovely tricks in your inbox today - note the URL in the link. Also note that they've made the amount you supposedly 'owe' very small so that you're tempted to enter your credit card info without thinking too much about it! Don't give any treats to the attackers, please, or we'll never get them off the front porch.

"The University of Vermont shared a file with you" - received October 27, 2022

This one is a bit tricky - it looks like a file transfer notification, but it really leads to a phishing page! Remember that UVM's filetransfer service can be found at https://filetransfer.uvm.edu, not 'fluidui[.]com'.

[Image: file transfer phish]

"UVM" - received October 18, 2022

We've been free of these for a few weeks, but here's more of the same - threatening language, odd capitalization and punctuation, and a link that leads somewhere other than uvm.edu:

[Image: 'UVM' phishing scam]

"We expect you to strictly adhere and address this!!" - received September 26, 2022

And we expect you to create a more convincing email! Always hover over the link. If it doesn't end in '.uvm.edu', don't click on it.

We notice that your office 365 has two info different logins with two universities portals. Kindly indicate the two info logins as soon as possible.

"Student Administrative Assistant Position" - received September 12, 2022

A classic phishing scam - remember, if it sounds too good to be true, it probably is.

Dear Students, Work at your convenience and earn $450 weekly. It's a flexible part-time job.

'UVM HELP-DESK' and 'UVM EMAIL UPDATE' - received August 31 and September 8, 2022

Here's another variation on this ongoing campaign, as usual trying to capitalize on FUD (Fear, Uncertainty, Doubt).

'Approved Job Alert' - received September 8, 2022

We're able to filter out most of the millions of financial scams that come our way each year, but sometimes attackers use compromised UVM credentials, making them both more difficult to detect and more likely to appear legitimate to potential victims. Here's a recent sample, leading to a Google Form that seeks to open a channel of communication that they hope will result in opportunities for fraud.

[Image: Approved Job Alert scam]

"CLICK NOW" - received September 8, 2022

This one is a visual change of pace, but it's still credential phishing. Fortunately Google acted quickly, and the Google Doc that was harvesting credentials was taken down shortly after we reported it.

[Image: CLICK NOW phish]

"EMAIL UPDATE" - received August 29, 2022

"EMAIL UPDATE" is back, this time referencing 'security reasons'. If there were security issues with your account, we would have locked it already!

[Image: "EMAIL UPDATE" phish]

'noreply@uvm.edu' and 'Web-service <notification@mail-webservices.uvm.edu>' - received August 24, 2022

These two phish leveraged compromised UVM accounts and also took special care to obfuscate the URL. Be sure to check where the link really leads, however - these lead to a jotform.com URL and a squarespace.com URL, respectively, not uvm.edu.

ATTENTION!!! - received May 25, 2022

This phish is trying to scare you into entering your credentials to avoid termination of your account - a common tactic for phishing emails.

Your Password Will Expire Today! / UVM Mail Compromised! / Technology Services. - received May 21-22, 2022

None of these emails from this weekend trying to get you to enter your UVM credentials to fix an "urgent issue" are legitimate.