Search Google Appliance

Information Technology

Security Alert! New Phishing Scam Targets UMass Amherst Community - Wednesday, 10/17

October 17, 2018

On October 17, 2018, a new fraudulent phishing message with the subject "FW:[ATTENTION REQUIRED] University of Massachusetts Amherst Revised Business Development, Implementation, and Review of Guidelines and Goals" began targeting UMass Amherst email users. The email claims to have been sent by Chancellor Subbaswamy, notifies the recipient that "we are pleased to announce our updated Business Integrity Program" and contains an attached file. When the user clicks within the attached file, they are redirected to a fraudulent login and download page.

Caution: This email did not come from the University of Massachusetts. It is a phishing scam designed to trick you into providing your NetID password to get access to your personal information and/or UMass information technology services for fraudulent purposes. 

Do not respond to the fraudulent message, download attachments, or click the link! Responding, downloading the attachments, or clicking the link in the message may put your information and the university's information and systems at risk.

If you have already responded to the message, change your IT Account password in SPIRE immediately. Please report suspicious messages to itprotect@umass.edu.


When receiving suspicious messages or messages from unknown senders, we recommend that you:

  • Verify the identity of anyone who requests your personal information. Never provide financial data or other personal information in response to an email or on an untrusted site or form.
  • Report these messages to itprotect@umass.edu.

Learn more about phishing attacks and how to avoid getting caught: 


Phishing message

Phishing message claiming to be sent by Chancellor Subbaswamy

Attached file

a pdf document telling the viewer to 'click here to access via microsoft pdf reader'

Fraudulent login page

Fake microsoft office login page using a '.ml' web address rather than '.edu'