"We expect you to strictly adhere and address this!!" - received September 26, 2022
And we expect you to create a more convincing email! Always hover over the link. If it doesn't end in '.uvm.edu', don't click on it.
"Student Administrative Assistant Position" - received September 12, 2022
A classic phishing scam - remember, if it sounds too good to be true, it probably is.
'UVM HELP-DESK' - and 'UVM EMAIL UPDATE' received August 31 and September 8, 2022
Here's another variation on this ongoing campaign, as usual trying to capitalize on FUD (Fear, Uncertainty, Doubt).
'Approved Job Alert' - received September 8, 2022
We're able to filter out most of the millions of financial scams that come our way each year, but sometimes attackers use compromised UVM credentials, making them both more difficult to detect and more likely to appear legitimate to potential victims. Here's a recent sample, leading to a Google Form that seeks to open a channel of communication that they hope will result in opportunities for fraud.
"CLICK NOW" - received September 8, 2022
This one is a visual change of pace, but it's still credential phishing. Fortunately Google acted quickly, and the Google Doc that was harvesting credentials was taken down shortly after we reported it.
"EMAIL UPDATE" - received August 29, 2022
"EMAIL UPDATE" is back, this time referencing 'security reasons'. If there were security issues with your account, we would have locked it already!
'firstname.lastname@example.org' and 'Web-service<email@example.com' - received August 24, 2022
These two phish leveraged compromised UVM accounts and also took special care to obfuscate the URL. Be sure to check where the link really leads, however - these lead to a jotform.com and squarespace.com URL, respectively, not uvm.edu.
ATTENTION!!! - received May 25, 2022
This phish is trying to scare you into entering your credentials to avoid termination of your account - a common tactic for phishing emails.
Your Password Will Expire Today! / UVM Mail Compromised! / Technology Services. - received May 21-22, 2022
None of these emails from this weekend trying to get you to enter your UVM credentials to fix an "urgent issue" are legitimate.
"Password will Expire today!", "Mail Notice!", "Urgent Notice!" - received April 27, 2022
Three subject variations, but all the same content that attempts to induce you to visiting a non-UVM website and enter your NetID and password. As always, be sure to always take a look at the address bar before entering any sensitive information into a website.
"Mail Notice!" - received April 25, 2022
You've seen this before...last week, even! Needless to say we wouldn't send you to a squarespace address to address anything important with your account.
Suspension Notice - received April 18, 2022
It is unfortunately quite easy to fake the "From" address on emails. Always be sure to check where the email is trying to send you by hovering over the link and avoiding it if it's not a "uvm.edu" address.
"Information@uvm.edu" - received March 11, 2022
You're on Spring Break, but the scammers aren't! Here's the latest phish:
"Emergency" - received February 25, 2022
More of the same...as always, if it makes you feel fear, uncertainty, or doubt it's worth an extra dose of skepticism.