Stop. Think. Does this email make literally any sense?
Hint: No

Usually no one legitimate will yell at you in all caps, regardless of urgency, but also check out that weird non-UVM link if you hover over it with your cursor. Definitely a phish.

This one is simple, but it plays on the time of year, leads to a copy of UVM's webauth page, and was sent on a Friday afternoon during break to catch you at your least wary. Always take a look at the address bar to make sure the page you're logging into is at uvm.edu, even if it looks just like the page you're accustomed to seeing.

 

Poor grammar, capitalization, and punctuation? Attempting to induce fear, uncertainty, and doubt? Asking you to go enter your credentials in a non-uvm.edu website? Yes, it's a phish.

You pretty much never need to verify any account like this - and certainly not your UVM account. When an email is telling you something alarming and asking you to take urgent action, take a second to reread and check for red flags (e.g., strange wording, many typos, unfamiliar sender, short link used to disguise website).

This is a scam email that was unfortunately able to spoof the UVM HR address. Never trust job offers that direct you to contact someone via an external email or phone number. Actually, maybe just never trust unexpected job offers at all, especially if the pay seems too good to be true.

The actual body of the email may contain your address and other personal information, including a photo of your home, likely obtained from a third-party data breach. Check your email address at Have I Been Pwned to see if your information has been exposed.

The attached PDF utilizes the information obtained to try to scare you into paying to prevent compromising videos of you (which they do not actually have) from being released. This is a common scam, but a higher effort and more uncomfortable one for folks to receive. Regardless, never pay a blackmailer and put this email in the trash if you receive it (or forward it to abuse@uvm.edu).

This image below describes what the email would look like that includes your name, your address, a photo of your home from Google Street View, and an idea of what the text might be.

You can probably safely assume literally any email with a QR code in it is a scam.

The image below shows an example of text with a UVM logo and a QR code.

An email with a subject line of "Scheduled Message" and a link to "Login to View" (as shown in the image below) is most definitely a scam. Even if something looks like it could plausibly be from UVM, make sure it's actually sending you to a real UVM website before clicking any links.

UVM would never ask you to text a random phone number your password for ANY REASON. You should also never enter a passcode for Duo anywhere other than the UVM login page, nor approve any push notifications that are associated with anything other than you yourself logging in (regardless of what some email tells you to do).

Additional hint: If something asks for your Passw0rd (with the letter o as a zero), it is for sure a scam.

The image blow gives an example of an email with subject line, "ITS Help Desk Account Maintenance" and goes on to ask the viewer to send personally identifiable information such as name, phone number, campus email, username or join ID, password, and 6 digit passcodes.

Not sure why the "Financial Aid Department" would want you to enter your password into a Google form in order to read your mysterious unread messages, unless... wait - it's a scam!

Always check the link before clicking (it should be a uvm.edu address if it's something like this) but also think about whether what they're asking you to do makes sense. Feel free to forward to abuse@uvm.edu and ask if you're not sure.

The image below shows a high importance email with subject line, "Important Message for All Faculty - Staffs." It says it is from the financial aid department and asks you to click a link. 

This is a phishing scam and it is extremely not appreciated. Don't open shady attachments from external senders, folks.

The image below shows an email document with subject line, "Salary Adjustment Acknowledgement," and has blue text explaining an approved salary increase and tells you that you will need to access through the salary increment letter.

Canvas? What? No, this one is definitely not legitimate.

The image below shows an email with the subject, "CANVAS NOTIFICATION," telling you that the sender has received a request to terminate your Office 365 email and to click a link to reverify your account.

This is another scam utilizing the fact that it's very easy to spoof the "From" address on emails. This person does not actually have access to your account, but is trying to alarm you into thinking they do. Our spam filters catch most of these, but this one unfortunately made it through to some folks. You can safely discard this email if you received it.

The image below shows an email that appears you sent to yourself where a spammer has installed spyware on your device and has monitored your activity.

A "Notice!" about "University of Vermont News" from a non-UVM address is enough reason for skepticism, but as always, hovering over the link will let you know for sure. Despite having "uvm-edu" in the first part of the address, this link leads elsewhere (to a phishing site that attempts to steal your password).

This image shows an example of the above-described email showing the phishing site link in the hover pop-up text.

This one is a scam utilizing the fact that it's very easy to spoof the "From" address on emails by trying to scare you into thinking someone else has access to your account. Our spam filters catch most of these, but this one unfortunately made it through to some folks. You can safely discard this email if you received it.

The image below shows an email that appears you sent to yourself where a spammer has installed spyware on your device and has monitored your activity.

Too good to be true? Yes!

The image below shows an email with the subject, "Student Employment Services," stating that "Job Placement and Student Services" is looking for part-time or full-time survey takers, and that you'll be paid to do the work.  A link to the job details, shown in hover text, is to a Google form.

This is not really from Microsoft and it is not legitimate. Put this one right in the trash.

The image below shows a message with the subject, "Notice From Microsoft`," claiming to stop processing incoming emails for your school account, with a link to a scam site.  Hover text shows the real link that is not from Microsoft.

This image, showing an email from "IT Helpdesk <dr.jamwil@gmail.com>," claiming that "all staff, students, and alumni" need to validate their email accounts, is definitely a scam. Not only is it not from the UVM Help Line, but the link does not point to a UVM website, despite showing "webauth-uvm" in it.

This email is a scam, preying on folks who really need the money. If you hover over the link with your cursor, you can see it's sending you to a non-UVM website where it asks you for UVM credentials. UVM would not do this.

The image below shows an example of an email with the subject, "Individual Assistance Program," and the non-UVM address of the link shown in the hover text.

QR code abuse is becoming one of the most common ways to lure the unwitting into visiting phishing websites (like this one) or sites serving malware to anyone who visits. UVM wouldn't ask you to conduct any important business by hiding the target site's address in this way - be very skeptical of any QR code that you aren't expecting to see!

The image below shows an example of an email with a QR code image attachment and text trying to lure you to a website to resolve an apparent issue with your Office365 accounts.  As the email falsely appears to come from a legitimate UVM email address, the address is redacted for privacy in the image.

If you received this email, you'll notice it appears to be sent from your own account. It isn't, actually - it is unfortunately very easy to spoof the from address on emails. Normally, these are caught by our spam filters, but this one seems to have gotten through to a few folks. If you did receive it, don't worry, your data has not actually been compromised and this email can be safely discarded.

The image below shows an example of the email described above, with the subject, "Careful, it's important," claiming that "your private data was compromised" and the perpetrators have gained access to your email and infected your device with a virus/backdoor (program).

Unfortunately, this scholarship is not real - another attempt at getting users' financial information.

The image below shows an email congratulating you on receiving a scholarship and asking you to contact the "scholarship department" at an email address that is not a valid UVM address.

This is a scam email trying to get your financial info. Always check the link before clicking and avoid any non-UVM links for anything like this.

The image below shows an email with the subject, "Change Payment Method !!" and a link, shown in hover text, to a non-UVM site.

If you ever receive an email telling you you've won something, it's probably safe to assume it's a scam. This one sure is.

The image below shows an email that looks like it's from the UVM Bookstore about winning an Apple iPad, but the link, shown in hover text, is to a non-UVM site.