On April 13, 2017, a new fraudulent phishing message with the subject "Login is required" began targeting UMass Amherst email users.
The email, which appears to have been sent by "University of Massachusetts Amherst <email@example.com>," notifies users that “According to the new rules, you must login into your account at least once a week, otherwise your account will be locked,” and asks recipients to click a link to “Please Login to avoid the closure of your account.”
The web link in the email directs the user to a fraudulent version of the UMass Amherst login page.
Caution: This email did not come from the University of Massachusetts. It is a phishing scam designed to trick you into providing your NetID password to get access to your personal information for fraudulent purposes.
Do not respond to the fraudulent message or click the link! Responding or clicking the link in the message may put your information and the university's information and systems at risk.
If you have already responded to the message, change your IT Account password in SPIRE immediately.
For more information about this phishing scam or to learn more about what you can do to protect yourself, see the News section of the UMass Amherst IT website. Please report suspicious messages to firstname.lastname@example.org.
When receiving suspicious messages or messages from unknown senders, we recommend that you:
• Report these messages to email@example.com.
Learn more about phishing attacks and how to avoid getting caught:
- Phishing: Fraudulent Emails, Text Messages & Phone Calls
- Protect Yourself Against Phishing & Identity Theft
- See the Lastest Phishing Scams on Campus