Search Google Appliance

Information Technology

Fresh Phishing Scams on Campus

How to spot phishing:

FRESH PHISH: August 16, 2018

  1. The sender claims to be Chancellor Subbaswamy, but the actual email is not a trusted UMass address.
    • Be wary of messages that claim to be important people contacting you directly.
  2. Phishing messages often use language that creates a false sense of urgency, trying to trick you into acting quickly without thinking. For example, this message included language like "shared an Urgent Document with you."
  3.  The email asks the recipient to click a link titled "Important Document," whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not open files or links you did not expect to be sent.
  4.  The links in the message direct to a non-UMass login page. The URL was not a trustworthy UMass web address, and included a long string of characters.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 8 16 18

non-umass login page with bright green colors and a url with a long string of characters in it


FRESH PHISH: August 15, 2018

  1. The sender appears to be "Service" and claims to be from UMass, but the actual email is not a trusted UMass address.
  2. Phishing messages often include spelling and grammar mistakes. For example, this message capitalizes the word "request" in the middle of a sentence.
  3.  The email asks the recipient to click a link titled "Your Incident," whose address is not displayed.
    • Check links before clicking! Be wary of links that claim to be sent by a university, but which are using a non-.edu web address. This link uses the .online tld.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4.  The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 8 15 18

Fake umass login page using a '.online' address rather than '.edu'


FRESH PHISH: July 20, 2018

  1. The sender claims to be “University of Massachusetts Amherst Mail” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click a link titled "SIGN IN HERE," whose address is not displayed. 
    • Check links before clicking! Be wary of links that claim to be sent by a university, but which are using a non-.edu web address. This link uses the .be tld.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
    •  The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 7 20 18


FRESH PHISH: June 13, 2018

  1. The sender claims to be “Jessica Rivera” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click a link whose address is not displayed. 
    • Check links before clicking! Be wary of links that claim to be sent by a university, but which are using a non-.edu web address. This link uses the .be tld.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. For example, this message uses language like "Expected deactivation date: [one day away]" to try to get the recipient to react quickly without thinking.
  4. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and was not a .edu address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 6 13 18fake login page which had a weird url with a .be tld


FRESH PHISH: June 11, 2018

  1. The sender claims to be “Margara Russotto” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click several links whose addresses are not displayed. 
    • Hover over links to check the urls for a trusted site before clicking! While these addresses did not look trustworthy to begin with, hovering over these links shows that they go to a completely different untrustworthy non-UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and was not a .edu address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 6 11 18fake login page which had a weird url with a .nl tld


FRESH PHISH: May 31, 2018

  1. This message was caught being sent from three different addresses. The sender claimed to be the Office of the Provost, and the actual addresses - including "juliana-bodo@t-online.de" - were not genuine umass email addresses.
  2. The email asks the recipient to click a link labeled "CALENDAR 2018-2019."
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not download files or click links you did not expect to be sent.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 5 31 2018fake login page example whose address includes a long string of characters with lots of percent signs, and does not use the .edu tld


FRESH PHISH: May 30, 2018

  1. The sender claims to be “Anne Bastarache” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. Phishing messages often contain spelling and grammar errors such as inconsistent capitalization found in the message's subject field.
  3. Phishing messages often use informal language such as "But record shows you are still active in service and so advised to terminate this request otherwise give us reasons to deactivate your university account.
  4. The email asks the recipient to click several links whose addresses are not displayed. 
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  5. Phishing messages often create a false sense of urgency. For example, this message includes language like "Accounts filed for deactivation has been submitted and will be processed within 24hr." to try to convince the recipient to act quickly without thinking.
  6. The email claims to have been sent by an "Instructor" with a role/department that either does not exist or is improperly formatted and contains additional grammar and punctuation errors. 
  7. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: May 29, 2018

  1. The sender claims to be "Alba Rosa Frias" and to be from UMass, but the actual address is not a trusted UMass email address.
  2. Phishing messages sometimes use clickbait titles, or incomplete titles that lack information, to try to trick recipients into clicking links. Don't let your curiosity get the best of you - if you were not expecting to be sent a file or link, do not open it.
  3. Phishing messages often use informal language. For example, the message opens with "Please endeavor."
  4. The email asks the recipient to click a link. The link in the message does look like a trustworthy UMass web address - but it's very easy to make a link look like one address and actually direct to a completely different site. In this case, the link text was a fake UMass web address, and the actual hyperlink directed to a non-trustworthy url, which was not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: May 22, 2018

  1. The sender claims to be "Byung Kim" and to be from UMass Amherst, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click a link. The link in the message does look like a trustworthy UMass web address - but it's very easy to make a link look like one address and actually direct to a completely different site. In this case, the link text was a fake UMass web address, and the actual hyperlink directed to a non-trustworthy url, which was not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. This message uses language like "...permanent suspension without notification" to try to trick recipients into acting quickly without thinking.
  4. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 9 2018

Fraudulent login page example may 9 2018


FRESH PHISH: May 18, 2018

  1. The sender, "Alankrita.A.Jethi@tn.gov" is not a trusted UMass email address.
  2. The email asks the recipient to click several links, including one titled "please login to the notification systems," whose addresses are not displayed. .
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. This message uses language like "this service is mandatory for all current employees" to try to trick recipients into acting quickly without thinking.
  4. Phishing messages often include spelling and grammar mistakes. This message includes some phrases which seem to be missing words or punctuation, such as "...in the university also feedback about this service are welcomed."
  5. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and contained unusual words and characters, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 18 2018

Fake UMass login page example May 18 2018, which used an unusual web address extension


FRESH PHISH: May 10, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors or use informal language. For example, the message opens with "Hi," with no punctuation.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and contained unusual strings of characters, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 10 2018

Fake UMass login page example May 10 2018


FRESH PHISH: May 9, 2018

  1. The sender claims to be "Karen White" and to be from UMass Amherst, but the actual address is not a trusted UMass email address.
  2. Phishing messages sometimes use clickbait titles, or incomplete titles that lack information, to try to trick recipients into clicking links. Don't let your curiosity get the best of you - if you were not expecting to be sent a file or link, do not open it.
  3. Phishing messages often use informal language. For example, the message opens with "Hi," with no punctuation.
  4. The email asks the recipient to click a link. The link in the message does look like a trustworthy UMass web address - but it's very easy to make a link look like one address and actually direct to a completely different site. In this case, the link text was a fake UMass web address, and the actual hyperlink directed to a non-trustworthy url, which was not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  5. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and contained unusual strings of characters, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 9 2018

Fraudulent login page example may 9 2018


FRESH PHISH: May 7, 2018

  1. The sender claims to be "Cindy Wills" and to be from UMass Amherst, but the actual address is not a trusted UMass email address.
  2. Phishing messages often use informal language. For example, the message opens with "Hi," with no punctuation.
  3. The email asks the recipient to click several links - titled "please login to the notification systems," "seen here," and "frequently asked questions." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. Phishing messages often include spelling and grammar errors. This message includes sentences that are noticeably missing words or punctuation, such as the phrase "...for all current employees in university also feedback about this service..."
  5. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 7 2018

Fraudulent login page example may 7 2018


FRESH PHISH: April 30, 2018

  1. The sender, "Edwards, Katlyn Elizabeth" is not a trusted UMass email address.
  2. The email asks the recipient to click a several links - titled "Cancel Request," "View form," and "click here." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
    • Do not download or open files you did not expect to be sent.
  3. The links in the message direct to a fraudulent version of the UMass login page. The URL contained long strings of random characters, and was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example April 30 2018

Fraudulent login page example april 30 2018


FRESH PHISH: April 18, 2018

  1. The sender, "Eric Oberndorf" claims to be from UMass, but the actual address is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors or use informal language. For example, the message opens with "Hi," with no punctuation, and ends a sentence with a comma.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Second phishing example April 18 2018


FRESH PHISH: April 18, 2018

  1. The sender, "Furhmann, Jacques P" is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message includes language such as "Priority: High" and "If you do not reply... within 24hrs."
  3. Phishing messages often include spelling or grammar errors. This message includes several, such as capitalization of words mid-sentence.
  4. The email asks the recipient to click a link with the title "Your incident." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  5. The link in the message directs to a fraudulent version of a UMass login page. The web address is not a trustworthy UMass address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example April 18 2018

Fraudulent login page linked to by April 18 2018 phishing scam


FRESH PHISH: March 27, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often misuse brand logos, fonts, or colors. This message includes an unusual and incorrectly designed version of the UMass Amherst wordmark.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 27 2018


FRESH PHISH: March 26, 2018

  1. The sender claims to be "University of Massachusetts <job.supprt@umass.edu>," but the actual address" is not a trusted UMass email address.
  2. Phishing messages often misuse brand logos, fonts, or colors. This message uses colors similar to the UMass brand colors, but in a very different way from how they would be used in legitimate UMass communications (as the background color for the message).
  3. Phishing messages often contain spelling and grammar errors. This message has many, notably including many capitalized words mid-sentence, and several instances of spaces before periods.
  4. The email asks the recipient to click a link with the title "APPLY FOR THIS JOB." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 26 2018


FRESH PHISH: March 15, 2018

  1. The sender claims to be "University of Massachusetts Amherst," but the actual address, "<web@goodoogs.com.au>," is not a trusted UMass email address.
  2. Phishing messages often contain spelling and grammar errors. This message includes strange capitalization and a space before a period.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 15 2018


FRESH PHISH: March 14, 2018

  1. The sender, "<sytacke@ilstu.edu>," is not a trusted UMass email address.
  2. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 14 2018


FRESH PHISH: February 27, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message claims to be of high importance. Some legitimate messages may include this label, but always remember to stop and think before acting.
  3. Phishing messages often include spelling and grammar errors or use informal language. For example, this message capitalizes the word "department" in the middle of a sentence.
  4. The email asks the recipient to click a link with the title "Click Here." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: February 24, 2018

  1. The sender, "<j.1.fang@herts.ac.uk>" is not a trusted UMass email address.
  2. The email asks the recipient to click a link with the title "Click Here." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  3. Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 24th 2018

Untrusted webpage asking for account information


FRESH PHISH: February 23, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors or use informal language. For example, this message includes improper spacing such as the phrase "mffoley ley . ."
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. The fraudulent login page linked to by the email did not have a trusted UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 23rd 2018

Fake login page example feb 23 with non-umass web address


FRESH PHISH: February 21, 2018

  1. The sender is not a trusted UMass email address.
  2. The email asks the recipient to click a link with following the text "view this ticket's progress online" and a second to "login to your account." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. The fraudulent login page linked to by the email did not have a trusted UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 21st 2018

Fake login page example feb 21 with non-umass web address


FRESH PHISH: February 21, 2018

  1. The sender claims to be "UMass Mail" but the actual address is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message claims to be of high importance. Some legitimate messages may include this label, but always remember to stop and think before acting.
  3. Phishing messages often include spelling and grammar errors or use informal language. For example, the message opens with "Hi," with no punctuation.
  4. The email asks the recipient to click a link with following the text "SIGN IN HERE." The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 21st 2018


FRESH PHISH: February 14, 2018

  1. The sender claims to be "UMass Amhers," but the actual address <mrobin495@yahoo.com> is not a trusted UMass email address.
  2. The email asks the recipient to click a link with following the text "Verify Your Account Now." Though the link appears to be displayed, the text in the message is different from the address that the link directs to!
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. For example, this message includes language like "...email account will be treated as inactive and deleted!" to try to convince the recipient to act quickly without thinking.
  4. Phishing messages often include spelling and grammar errors. For example, this message frequently refers to itself as "UMassAmhers."

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 14th 2018


FRESH PHISH: February 6, 2018

  1. The sender claims to be UMass Amherst, but the actual address <allan.banning@cosmotemail.gr> is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors. For example, this message includes weird phrases like "you are advice."
  3. The email asks the recipient to click a link with the text "Click here to verify" The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. Phishing messages often create a false sense of urgency. For example, this message includes language like "services will permanently be disabled" to try to convince the recipient to act quickly without thinking.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 6th 2018


FRESH PHISH: January 31, 2018

  1. The message, which appears to have been sent by "Pamela Lester <plester@umass.edu>" uses informal language with spelling and grammar errors - for example, the message opens with "Hi," with no punctuation.
  2. Phishing messages often include spelling and grammar errors. For example, this message capitalizes the word "Your" in the middle of a sentence.
  3. The email asks the recipient to click a link with the text "SIGN IN HERE." The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example January 31st 2018


FRESH PHISH: January 31, 2018

  1. The sender ("Mucerino, Allan <amucerino@fullerton.edu>") is not a trusted UMass address.
  2. Phishing messages often try to create a false sense of urgency. This message uses language including "Priority: High" and "If you do not reply, this request will be formally closed..." to attempt to trick the recipient into responding quickly without thinking.
  3. The email asks the recipient to click a link with the text "Your incident." The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example January 31st 2018