The UVM Phishbowl is designed to help members of UVM’s community identify phishing scams and report suspicious emails. A phishing scam is an attempt to steal your UVM credentials (your NetID and password) or other important personal information.

Below are emails that have been reported by the UVM community. A red X means it’s a scam, and the smiling green fish means it’s safe.

  • If you've received an email that seems suspicious and you don't find it here, please forward it with its headers intact to abuse@uvm.edu for review by the Information Security Office.
  • If you have spam (i.e., unsolicited commercial email that does not appear to target your personal information) that has eluded our spam filtering system (a false negative), please forward it with its headers intact to is-spam@uvm.edu.
  • Likewise, if you see a legitimate message in your Junk Email folder (a false positive), please forward it with its headers intact to not-spam@uvm.edu.

For more information about UVM's anti-spam, anti-malware, and anti-phishing service, please see our Proofpoint Spam Filter Knowledge Base article.

"Human Resources Contact Form" - received May 26, 2021

Watch out for non-UVM shortened URLs - UVM websites should use go.uvm.edu addresses when they are shortened (not bit.ly or similar).

Human Resources Contact Form phish

"UVM Help Desk", "The University of Vermont", "Action Required! Cancel Mail Termination", and "Cancel Office365 Mail Termination!" - received May 24/25, 2021

This phish came in at least four variants, all of which threatened cancellation of your account if you didn't respond. As always, be very skeptical of language intended to instill fear, uncertainty, or doubt.

Mail Cancellation phish

"Email confirmation" - received May 18, 2021

This one contains a link that leads to a copy of our single sign-on page. Don't be fooled! That domain is not uvm.edu.

"Email confirmation" phish

THE UNIVERSITY OF VERMONT EMAIL UPDATE NOTIFICATION !!! - received May 2, 2021

Threatening language? Bad grammar, all CAPS, exclamation points? "E-mail validation exercise"? Yes, it's another phishing scam.

EMAIL UPDATE NOTIFICATION phish

"Important Message From The University of Vermont" - received 4/29/21

This scam leads to a webpage using several different compromised domains to spoof our Single Sign On page, but asking for your birthday, SSN, and driver's licence number! As always, look where the link goes before clicking on it and make sure the domain is something you would expect (uvm.edu in this case, notably NOT dr-nouroozei.com).

Process has begun by our administrator - received April 21, 2021

This is a continuation of a phishing campaign that seeks to harvest user credentials through emails claiming that we're about to turn off your email unless you verify your account. The attackers then use the harvested credentials to send "Job Offer" scams (see below) that seek to harvest other personal information. The link in this email leads to a Google Doc, which might seem more trustworthy to users accustomed to using the Google suite of applications. Remember that anyone can set up a Google Doc! The Google Doc forms template even has a warning against entering passwords into it, but the print is small.

"Process has begun" phish sample

"UVM Job Opening", "PART TIME PERSONAL ASSISTANCE FOR STUDENTS AND STUFFS", "PERSONAL ASSISTANT OFFER", "PERSONAL ASSISTANT JOB FOR STUDENT AND STAFF", "The University of Vermont(Staff and Student) Employment", etc.

Since April 20th, attackers have used compromised UVM credentials to send a series of "Job Offer" phishing messages to larger numbers of addresses in the UVM community. As always, if something is too good to be true, it probably is. Further, a Google Doc is not necessarily safer than any other non-UVM hosted website: never enter your password or other personal information into an unverified form!

We need you for immediate hire! - received April 20, 2021

Yet another "We're hiring!" scam leveraging compromised UVM credentials.

"Immediate hire!" phish

Email Alert Service ! and Notice from Microsoft Outlook - received April 19, 2021

They didn't put a lot of effort into this one, but it's important to be alert all the same!

Email Alert Service phish

Later in the day a second phish contained a link to the same URL:

UVM Commencement - RSVP, Photo & Name Recording

Yes, UVM is really partnering with NameCoach! This one is a legitimate email.

Legitimate email from NameCoach

UVM Job Placement Broadcast!

A non-UVM URL shortener, a job offer that sounds too good to be true, and grammatical/punctuation errors? Yup, it's a phish.