"Uvm Notifiction" - received March 15, 2023
Notifiction, eh? Yet another credential phishing effort, steer clear.

"******INFORMATION******", "******URGENT******", "******CAMPUS ANNOUNCEMENT******" - received March 2, 2023
Three different phishing emails from the same scammers, using a variety of tactics to try to get your UVM credentials and/or financial information.



"Password Expiration Notice!!", "We received a request", "Action Required! - received March 2, 2023
These emails all pointing to the same scam website are not legitimate, even though they are higher effort than the average phish.



"CLICK NOW" - received February 24, 2023
This is admittedly a poor effort but does appear to be quite widespread. Coming on the heels of other phish with similar themes, this one may sow enough uncertaintly to catch some people.

NOTICE: Campus Email Policy Violated - received February 23, 2023
This is a phishing scam sent from a compromised account. If there were actually suspicious activity, the account would be locked.

Termination Request Made - received January 29, 2023
This phish is trying to scare you into entering your credentials to avoid termination of your account - a common tactic for phishing emails.

"noreply@uvm.edu", "Web-servicenotification@mail-webservices.uvm.edu", and "Mail Deactivation Request" - received December 15, 2022
This campaign uses three separate subjects and message bodies leading to two different addresses, and the target URLs lead to a decent approximation of UVM's single-sign-on portal. It's a decent effort! As always, make sure you're really at uvm.edu before entering your NetID and password.



"$4,955.55 Payout - FAFSA" - received December 10-11, 2022
This email is a scam, preying on people who especially would need this kind of payment. Their goal is to get your financial info to steal money from you.
If you ever aren't sure if an email like this is a scam, forward it to abuse@uvm.edu and ask us to let you know.

"UVM Overdue Bill !!!" - received November 28, 2022
While we've certainly had a steady stream of phishing scams this semester, you may notice an uptick around the holidays and exam week - attackers are aware of our calendar, and are likely to increase their activity when you might be distracted or stressed. Here's one trying to leverage the anxiety and uncertainty of this time of year:

"noreply@uvm.edu" - received November 10/11, 2022
Three different subjects, several different message bodies, but still the same nonsensical and threatening language about your account being removed (OR an account verification exercise, "urgent" password expiration, etc. - please see the two other Nov 10 emails for examples). Always check that URL - this one leads to a jotform address, not uvm.edu:

"Your password will expire!" - received Nov 10
This is not a legitimate email about your password expiring. If you need to update your password, you can do so at account.uvm.edu.
(We would also give you more than 24 hours for the first notice about your password expiring.)

"Webauth.uvm.edu" - received Nov 10
This email about phishing attacks is, itself, a phish. Why must they torment us so?
For the record - UVM will never ask you to "verify account." Especially not on a random squarespace site.

"OVERDUE UVM PAYMENT !!!" and "URGENT NOTIFICATION !!!" - received October 31, 2022
Happy Halloween! Unfortunately you've probably seen several of these lovely tricks in your inbox today - note the URL in the link. Also note that they've made the amount you supposedly 'owe' very small so that you're tempted to enter your credit card info without thinking too much about it! Don't give any treats to the attackers, please, or we'll never get them off the front porch.

"The University of Vermont shared a file with you" - received October 27, 2022
This one is a bit tricky - it looks like a file transfer notification, but it really leads to a phishing page! Remember that UVM's filetransfer service can be found at https://filetransfer.uvm.edu, not 'fluidui[.]com'.

"UVM" - received October 18, 2022
We've been free of these for a few weeks, but here's more of the same - threatening language, odd capitalization and punctuation, and a link that leads somewhere other than uvm.edu:

"We expect you to strictly adhere and address this!!" - received September 26, 2022
And we expect you to create a more convincing email! Always hover over the link. If it doesn't end in '.uvm.edu', don't click on it.

"Student Administrative Assistant Position" - received September 12, 2022
A classic phishing scam - remember, if it sounds too good to be true, it probably is.

'UVM HELP-DESK' - and 'UVM EMAIL UPDATE' received August 31 and September 8, 2022
Here's another variation on this ongoing campaign, as usual trying to capitalize on FUD (Fear, Uncertainty, Doubt).
