"Human Resources Contact Form" - received May 26, 2021
Watch out for non-UVM shortened URLs - UVM websites should use go.uvm.edu addresses when they are shortened (not bit.ly or similar).
"UVM Help Desk", "The University of Vermont", "Action Required! Cancel Mail Termination", and "Cancel Office365 Mail Termination!" - received May 24/25, 2021
This phish came in at least four variants, all of which threatened cancellation of your account if you didn't respond. As always, be very skeptical of language intended to instill fear, uncertainty, or doubt.
"Email confirmation" - received May 18, 2021
This one contains a link that leads to a copy of our single sign-on page. Don't be fooled! That domain is not uvm.edu.
THE UNIVERSITY OF VERMONT EMAIL UPDATE NOTIFICATION !!! - received May 2, 2021
Threatening language? Bad grammar, all CAPS, exclamation points? "E-mail validation exercise"? Yes, it's another phishing scam.
"Important Message From The University of Vermont" - received 4/29/21
This scam leads to a webpage using several different compromised domains to spoof our Single Sign On page, but asking for your birthday, SSN, and driver's licence number! As always, look where the link goes before clicking on it and make sure the domain is something you would expect (uvm.edu in this case, notably NOT dr-nouroozei.com).
Process has begun by our administrator - received April 21, 2021
This is a continuation of a phishing campaign that seeks to harvest user credentials through emails claiming that we're about to turn off your email unless you verify your account. The harvested credentials are then used to send "Job Offer" scams (see below) that seek to harvest other personal information. The link in this email leads to a Google Doc, which might seem more trustworthy to users accustomed to using the Google suite of applications. Remember that anyone can set up a Google Doc! The Google Doc forms template even has a warning against entering passwords into it, but the print is small.
"UVM Job Opening", "PART TIME PERSONAL ASSISTANCE FOR STUDENTS AND STUFFS", "PERSONAL ASSISTANT OFFER", "PERSONAL ASSISTANT JOB FOR STUDENT AND STAFF", "The University of Vermont(Staff and Student) Employment", etc.
Since April 20th, attackers have used compromised UVM credentials to send a series of "Job Offer" phishing messages to larger numbers of addresses in the UVM community. As always, if something is too good to be true, it probably is. Further, a Google Doc is not necessarily safer than any other non-UVM hosted website. Never enter your password or other personal information into an unverified form!
We need you for immediate hire! - received April 20, 2021
Yet another "We're hiring!" scam leveraging compromised UVM credentials.
Email Alert Service ! and Notice from Microsoft Outlook - received April 19, 2021
They didn't put a lot of effort into this one, but it's important to be alert all the same!
Later in the day a second phish contained a link to the same URL:
UVM Commencement - RSVP, Photo & Name Recording
Yes, UVM is really partnering with NameCoach! This one is a legitimate email.
UVM Job Placement Broadcast!
A non-UVM URL shortener, a job offer that sounds too good to be true, and grammatical/punctuation errors? Yup, it's a phish.
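The link check these alerts keep recommending (expect uvm.edu, expect go.uvm.edu for short links) can be automated for a message body. The following is an added example, not UVM's own tooling; the function names, the shortener list beyond bit.ly, and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uvm.edu"  # go.uvm.edu, the sanctioned shortener, is under it
# Assumption: sample public shorteners; the page itself names only bit.ly.
PUBLIC_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class _Links(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href):
    """Return 'uvm', 'shortener' or 'external' from the URL's real hostname."""
    try:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as untrusted
        return "external"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "uvm"
    return "shortener" if host in PUBLIC_SHORTENERS else "external"

def audit(html):
    """Per link: (href, verdict, lure). lure = text shows uvm.edu, link goes elsewhere."""
    p = _Links()
    p.feed(html)
    p.close()
    return [(h, classify(h), classify(h) != "uvm" and TRUSTED_DOMAIN in t.lower())
            for h, t in p.links]

# Constructed sample message body (not a real phish from the page).
SAMPLE = (
    '<a href="https://go.uvm.edu/constructed">Short link</a> '
    '<a href="https://bit.ly/constructed">HR contact form</a> '
    '<a href="https://uvm.edu.login.example.net/sso">https://www.uvm.edu/sso</a> '
    '<a href="https://www.uvm.edu@example.com/">Verify</a>'
)
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The verdict comes from the parsed hostname, so a link that merely contains "uvm.edu" as a subdomain label or as the userinfo part before "@" is still reported as external.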