Search Google Appliance

Information Technology

Fresh Phishing Scams on Campus

How to spot phishing:

FRESH PHISH: January 13, 2018

Phishing example showing an email which claims to be from an information technology support service, related to Microsoft OneDrive. The sender's address is not a trusted UMass email address. There are several spelling and grammar mistakes in the email, including consistently spelling 'OneDrive' as 'one drive.' The message asks the recipient to click a link which is displayed as a button and does not display it's address. The link takes the recipient to a fraudulent login page.

  • Sender is not a trusted UMass email address.
  • The email asks the recipient to click a link, which is displayed as a button and does not display it's address.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: January 13, 2018

Phishing example showing an email which claims to be an information technology service provider saying that your email was 'changed' recently. The email urges the recipient to click one of several links if they don't recognize that activity. The link addresses are not displayed, and the links take the recipient to a fraudulent UMass login page.

  • Sender is not a trusted UMass email address.
  • The email message creates a false sense of urgency by pretending to be a support service and asking the recipient to "contact us urgently for assistance."
  • The email urges the recipient to click several links, which do not display their addresses.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: January 11, 2018

Phishing example showing an email attachment with a link. The message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the Office 365 login page.

  • Sender is not a trusted UMass email address.
  • The email message includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: January 06, 2018

Phishing example showing an email attachment with a link. The message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the Office 365 login page.

  • Sender is not a trusted UMass email address.
  • The email message includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: DECEMBER 18, 2017

Phishing example showing an email attachment with a link. The message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the Office 365 login page.

  • Sender is not a trusted UMass email address.
  • The attached file includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: DECEMBER 18, 2017

Phishing example showing an email which was not sent by a trusted UMass email address. The email message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the UMass Amherst login page.

  • Sender is not a trusted UMass email address.
  • The email message includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: DECEMBER 14, 2017

Phishing example showing an email which was not sent by a trusted UMass email address. The email message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the UMass Amherst login page.

  • Sender is not a trusted UMass email address.
  • The email message includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: DECEMBER 12, 2017

Phishing example showing an email which was not sent by a trusted UMass email address. The email message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the UMass Amherst login page.

  • Sender is not a trusted UMass email address.
  • The email message includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: DECEMBER 11, 2017

Phishing example showing an email which was not sent by a trusted UMass email address, despite containing UMass Amherst branding. The email message instructs the recipient to click a link which does not show its address. The link directs to a fake version of the UMass Amherst login page.

  • Sender is not a trusted UMass email address.
  • The attached file includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: DECEMBER 8, 2017

Phishing example showing an email which appears to be from the Office of the Controller - though the actual email address is not a trusted UMass address. The phishing email instructs the recipient to download a file, which is actually link to a fraudulent login page.

  • Sender is identified as the Office of the Controller, but the actual address is not a UMass address.
  • The message instructs the recipient to view a file. Do not download or view files which you did not expect to be sent.
  • The attached file includes a link to a fraudulent login page. The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  • Link directs to a fraudulent login page. 
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.

If you have a phishing example or question, please email itprotect@umass.edu.


    FRESH PHISH: NOVEMBER 8, 2017

    phishing example showing an email from a non-umass address with links which are not displayed. the links direct to a fake UMass SSL login page. The web address of the fake login page is not a trusted UMass address, and is visible in the addressbar.

    • Sender is identified as UMass Amherst, but the actual address is not a UMass address.
    • The link address in the message is not displayed. 
      • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Link directs to a fraudulent login page. 
      • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

    Note: Always verify the identity of the sender before opening any attachments or clicking any links.

    If you have a phishing example or question, please email itprotect@umass.edu.

     

    phishing example showing an email with links which are not displayed. the links direct to a fake UMass login page.

    Phishing example

    phishing examples_vertical 12.16.png

    phishing examples 12.1.62.png

    phishing examples_vertical 11.18.16.png

    phishing examples_vertical 11.7.16  4 TH4.png

    phishing examples_vertical 11.7.16  4 TH3.png

    phishing examples_vertical 11.7.16  4 TH2.png

    phishing examples_vertical 11.7.16  4 TH.png

    fresh.phish (9.6.16).png