A round fishbowl with red goldfish
The UVM Phishbowl is designed to help members of UVM’s community identify phishing scams and report suspicious emails. A phishing scam is an attempt to steal your UVM credentials (your NetID and password) or other important personal information.

Below are emails that have been reported by the UVM community. A red X means it’s a scam, and the smiling green fish means it’s safe.

  • If you've received an email that seems suspicious and you don't find it here, please forward it with its headers intact to abuse@uvm.edu for review by the Information Security Office.
  • If you have spam (i.e., unsolicited commercial email that does not appear to target your personal information) that has eluded our spam filtering system (a false negative), please forward it with its headers intact to is-spam@uvm.edu.
  • Likewise, if you see a legitimate message in your Junk Email folder (a false positive), please forward it with its headers intact to not-spam@uvm.edu.

For more information about UVM's anti-spam, anti-malware, anti-phishing service, please see our Proofpoint Spam Filter Knowledge Base article.

"Uvm Notifiction" - received March 15, 2023

Notifiction, eh? Yet another credential phishing effort, steer clear.

"******INFORMATION******", "******URGENT******", "******CAMPUS ANNOUNCEMENT******" - received March 2, 2023

Three different phishing emails from the same scammers, using a variety of tactics to try to get your UVM credentials and/or financial information.

"Password Expiration Notice!!", "We received a request", "Action Required! - received March 2, 2023

These emails all pointing to the same scam website are not legitimate, even though they are higher effort than the average phish.

 

"CLICK NOW" - received February 24, 2023

This is admittedly a poor effort but does appear to be quite widespread. Coming on the heels of other phish with similar themes, this one may sow enough uncertaintly to catch some people.

"CLICK NOW" phish

NOTICE: Campus Email Policy Violated - received February 23, 2023

This is a phishing scam sent from a compromised account. If there were actually suspicious activity, the account would be locked.

Termination Request Made - received January 29, 2023

This phish is trying to scare you into entering your credentials to avoid termination of your account - a common tactic for phishing emails.

"noreply@uvm.edu", "Web-servicenotification@mail-webservices.uvm.edu", and "Mail Deactivation Request" - received December 15, 2022

This campaign uses three separate subjects and message bodies leading to two different addresses, and the target URLs lead to a decent approximation of UVM's single-sign-on portal. It's a decent effort! As always, make sure you're really at uvm.edu before entering your NetID and password.

'noreply@uvm.edu phish'

'mail deactivation request' phish

'web-servicenotification' phish

"$4,955.55 Payout - FAFSA" - received December 10-11, 2022

This email is a scam, preying on people who especially would need this kind of payment. Their goal is to get your financial info to steal money from you.

If you ever aren't sure if an email like this is a scam, forward it to abuse@uvm.edu and ask us to let you know.

"UVM Overdue Bill !!!" - received November 28, 2022

While we've certainly had a steady stream of phishing scams this semester, you may notice an uptick around the holidays and exam week - attackers are aware of our calendar, and are likely to increase their activity when you might be distracted or stressed. Here's one trying to leverage the anxiety and uncertainty of this time of year:

"noreply@uvm.edu" - received November 10/11, 2022

Three different subjects, several different message bodies, but still the same nonsensical and threatening language about your account being removed (OR an account verification exercise, "urgent" password expiration, etc. - please see the two other Nov 10 emails for examples). Always check that URL - this one leads to a jotform address, not uvm.edu:

"Your password will expire!" - received Nov 10

This is not a legitimate email about your password expiring. If you need to update your password, you can do so at account.uvm.edu.

(We would also give you more than 24 hours for the first notice about your password expiring.)

"Webauth.uvm.edu" - received Nov 10

This email about phishing attacks is, itself, a phish. Why must they torment us so?

For the record - UVM will never ask you to "verify account." Especially not on a random squarespace site.

 

"OVERDUE UVM PAYMENT !!!" and "URGENT NOTIFICATION !!!" - received October 31, 2022

Happy Halloween! Unfortunately you've probably seen several of these lovely tricks in your inbox today - note the URL in the link. Also note that they've made the amount you supposedly 'owe' very small so that you're tempted to enter your credit card info without thinking too much about it! Don't give any treats to the attackers, please, or we'll never get them off the front porch.

 

"The University of Vermont shared a file with you" - received October 27, 2022

This one is a bit tricky - it looks like a file transfer notification, but it really leads to a phishing page! Remember that UVM's filetransfer service can be found at https://filetransfer.uvm.edu, not 'fluidui[.]com'.

file transfer phish

 

"UVM" - received October 18, 2022

We've been free of these for a few weeks, but here's more of the same - threatening language, odd capitalization and punctuation, and a link that leads somewhere other than uvm.edu:

'UVM' phishing scam

"We expect you to strictly adhere and address this!!" - received September 26, 2022

And we expect you to create a more convincing email! Always hover over the link. If it doesn't end in '.uvm.edu', don't click on it.

We notice that your office 365 has two info different logins with two universities portals. Kindly indicate the two info logins as soon as possible.

"Student Administrative Assistant Position" - received September 12, 2022

A classic phishing scam - remember, if it sounds too good to be true, it probably is.

Dear Students, Work at your convenience and earn $450 weekly. It's a flexible part-time job.

'UVM HELP-DESK' - and 'UVM EMAIL UPDATE' received August 31 and September 8, 2022

Here's another variation on this ongoing campaign, as usual trying to capitalize on FUD (Fear, Uncertainty, Doubt).