Search Google Appliance

Information Technology

Fresh Phishing Scams on Campus

Real-life phishing examples caught by the UMass Amherst community:

 

Phishing Scam Trend: 'Urgent Request' Scams

We have seen an ongoing trend of fraudulent messages following an 'urgent request' message style. There are many variations, but these messages typically:
  1. Come from a non-UMass email address, but may claim to be a member of the university community.
  2. Are short and use urgent language to trick the recipient into responding quickly without thinking.
  3. Request the recipient contact the sender directly in another way, typically by asking for a cellphone number or other contact information.
    • Examples include "Send me your available cell number," "Email me once you get this," or "Drop your mobile number."
  4. Often ask the recipient to purchase something for the sender, such as gift cards

Be wary of urgent requests you did not expect to recieve! Slow down and check the details. If you are not sure about a message, send it to itprotect@umass.edu.

 


FRESH PHISH: December 14, 2020

  1. The message claims to be from UMass Amherst, but the actual address is a "umass.department" address rather than a trusted "@umass.edu" address. 
  2. The message contains a link titled "SIGN IN HERE," which does not show it's actual address. 
    • Hover over links to check them before clicking! Hovering over this link shows that it leads to a non-UMass address. 
  3. The link in the message directs to a fraudulent UMass Amherst login page with a "abcdesign.ca" url, rather than a trusted UMass address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message:

phish example 12 14 20

Fraudulent login page:

A fake umass amherst login page with an abcdesign.ca address

 


FRESH PHISH: October 7, 2020

  1. The message claims to be from "Human Resources," but the actual sender is not a trusted UMass address. 
  2. The message includes a link which is formatted to look like a trusted UMass address, but hides its actual address. 
    • Hover over links to check them before clicking! Hovering over this link shows that it leads to a non-UMass address. 
  3. The link in the message goes to a fake SPIRE login page, with a .com.pl address, rather than a .edu address. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message:

phish example 10 7 20

Fraudulent login page:

a fake SPIRE login page with a non-.edu address

 


 

FRESH PHISH: September 29, 2020

  1. The message claims to be sent by "Andrew Mangels," but the actual email is a gmail address, not a trusted UMass Amherst address.
  2. The message includes very little text, prompting the recipient to open an attachment. 
  3. Do not open attachments you did not expect to recieve!

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phish example 9 29 20

 


FRESH PHISH: October 5, 2020

  1. The message claims to be sent by "UMASS STUDENT EPLOYMENT," but the actual email is a gmail address, not a trusted UMass Amherst address.
  2. Phishing messages often include spelling and grammar errors. In this case, the message does not capitalize "UMass," and is missing a period in the first sentence, among other things. 
  3. The message prompts the recipient to respond directly at the (non-UMass) email address, and to provide a phone number. 
    • Be wary of messages unexpectedly asking you to provide further contact information! They may be trying to scam you in a less traceable way. 
  4. The message is signed with a different name from the sender. Beware of messages that don't seem to know who they're coming from. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phish example 10 5 20

 


 

FRESH PHISH: September 29, 2020

  1. The message claims to be sent by "Andrew Mangels," but the actual email is a gmail address, not a trusted UMass Amherst address.
  2. The message includes very little text, prompting the recipient to open an attachment. 
  3. Do not open attachments you did not expect to recieve!

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phish example 9 29 20

 


 

FRESH PHISH: August 11, 2020

  1. The message claims to be sent by "Lauren Mahoney AF," but the actual email is not a trusted UMass Amherst address.
  2. The message includes a link which does not show the actual address, and hovering over the link shows it does not go to a trusted UMass Amherst address. 
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  3. Phishing messages often use language which tries to trick the recipient into acting quickly without thinking or double checking information. For example, this message tells the recipient to only ask questions after reviewing the (fraudulent) document. 
  4. The link in the message directs to a fake Microsoft OneDrive login page, which is actually a pdf file stored in Box.
  5. The file contains a link which does not display it's address. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Fake Microsoft login page presented as a box file

 


 

FRESH PHISH: August 10, 2020

  1. The message claims to be sent by "Assistive Technology Center" or "Allison Neher," but the actual email is not a trusted UMass Amherst address.
  2. Phishing messages often language that creates a false sense of urgency in order to trick the recipient into acting quickly without thinking.
    • For example, this message tells the recipient that their email will be "blocked from sending and receiving" and that they need to take action "within 24 hours." 
  3. The message includes a link which does not show the actual address, and hovering over the link shows it does not go to a trusted UMass Amherst address. 
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  4. The link in the message directs to a fake Microsoft OneDrive login page. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 8 11 2020

Fake Microsoft login page

 


FRESH PHISH: July 22, 2020

  1. The sender, cc381@ad.uni-heidelberg.de, is not a trusted UMass Amherst address.
  2. Phishing messages often language that creates a false sense of urgency in order to trick the recipient into acting quickly without thinking.
    • For example, this message tells the recipient that their "umass.edu email certificate will expire soon," and that they need to take action right away. 
  3. The message includes a link which does not show the actual address, and hovering over the link shows it does not go to a trusted UMass Amherst address. 
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  4. The link in the message directs to a fake UMass Amherst login page. Phishing scams often misuse brand elements such as logos or colors. This fake login page uses a purple color which isn't normally used on UMass Amherst websites.  
  5. The fake login page displays a footer showing that it was made with a free website builder. UMass Amherst websites are not likely to be made with such tools.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 7 22 2020; message coming from a uni-heidelberg.de address

Fake UMass Amherst login page made with yola free website builder

 


FRESH PHISH: June 12, 2020

  1. The sender claims to be "UMass Amherst<it@umass.edu>," but the actual address is not a trusted UMass address.
  2. Phishing messages often include spelling and grammar errors. For example, this one includes a comma directly before a colon. 
  3. Phishing messages often language that creates a false sense of urgency in order to trick the recipient into acting quickly without thinking.
    • For example, this message tells you that waiting to take action will cause a "permanent" error. 
  4. The message includes a link which is formatted to look like a legitimate UMass Amherst page address, but hovering over the link shows it actually directs to a different page. 
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  5. The message claims to be both UMass Amherst and Microsoft Corporation. If the sender doesn't seem to know who they are, they're probably pretending to be someone else. 
  6. The link in the message directs to a fake SPIRE login page, with "tantechholdings.com" web address. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 6 17 2020; message claiming to come from UMass IT

Fake SPIRE login page with a tantechholdings.com address

 


FRESH PHISH: June 12, 2020

  1. The sender claims to be "Support Centre <it@umass.edu> UMass Support," but the actual address is not a trusted UMass address.
  2. Phishing messages often language that creates a false sense of urgency in order to trick the recipient into acting quickly without thinking.
    • For example, this message tells you that a "critical" security feature is not enabled, and that "your account will be temporarily suspended" if you do not take action. 
  3. The message includes a link which is formatted to look like a legitimate UMass Amherst page address, but hovering over the link shows it actually directs to a different page. 
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  4. The link in the message directs to a fake SPIRE login page, with an "imobisolo.com" web address. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 6 12 2020; message claiming to come from UMass IT

Fake SPIRE login page with an imobisolo.com address

 


FRESH PHISH: May 18, 2020

  1. The sender claims to be "automigrate@umass.edu," but the actual ddress is a suniveral.com address, rather than a trusted UMass address.
  2. Phishing messages often include spelling and grammar errors. In this case, the message says "click on the like below to to update your Umass account," and has a sentence with a space before the period. 
  3. The message includes a link which is formatted to look like a legitimate UMass login page address, but hovering over the link shows it directs to a srotetz.com address instead. 
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 5 18 2020; message claiming to come from automigrate at umass.edu

Fake umass amherst login page with a srotetz.com address

 


FRESH PHISH: April 7, 2020

  1. The sender claims to be Chancellor Kumble Subbaswamy, but the address is an earthlink.net address, rather than a trusted UMass address.
  2. Be wary of messages claiming to be campus leaders or important public figures unexpectedly contacting you directly.
    • Do not provide sensitive information unless you expected to be asked for it and are fully sure of the identity of the sender. If you aren't sure, contact itprotect@umass.edu before responding. 
  3. Phishing messages often include spelling and grammar errors. In this case, the message has "task" misspelled in the subject line, and capitalizes a word in the middle of a sentence. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 4 7 2020; message claiming to come from the Chancellor

 


FRESH PHISH: March 31, 2020

  1. The sender claims to be Alan Manuel,” but the address is not a trusted UMass address.
  2. Phishing messages often use language to create a false sense of urgency, to try to trick you into acting quickly without thinking. In this case, the message tells the recipient that their "access to the Moodle will soon expire.
  3. The message includes a link whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  4. Phishing messages often include spelling and grammar errors. In this case, the message has Amherst spelled as "Amherstn."
  5. The link in the message directs to a fake UMass Amherst login page.
    • Never enter your account information on a webpage you aren't sure about. If you aren't sure if a login page is legitimate, please contact itprotect@umass.edu first. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 3 31 2020; message from 'University Libraries'

 


FRESH PHISH: March 4, 2020

  1. The sender is a .edu address, but is not a trusted UMass address.
  2. Phishing messages often include spelling and grammar errors. For example, this message's sender claims to be named "Imoportant Message" [sic].
  3. Phishing messages often misuse branding assets such as logos, colors, or fonts. In this case, elements of the message are dark blue, rather than UMass Amherst brand colors.
  4. The message includes a link whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  5. The link in the message directs to a fake UMass Amherst login page which has a url starting in 'A2prosports.com,' rather than a trusted .edu address.
    • Never enter your account information on a webpage you aren't sure about. If you aren't sure if a login page is legitimate, please contact itprotect@umass.edu first. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 3 4 2020; message from 'University Libraries'

Fake UMass Libraries landing page with an address starting in 'A2prosports.com'

 


FRESH PHISH: February 20, 2020

  1. The sender claims to be "University Libraries" but the actual sender is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message includes the current date and a time not far in the future, to instruct the recipient to "renew now."
    • Slow down - If you are unsure about whether or not an email with a request is legitimate, please contact itprotect@umass.edu before taking action.
  3. The message includes a link whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  4. The link in the message directs to a fake UMass Amherst login page with a complicated url which includes "umass.edu" but is actually a .tk web address.
  5. Never enter your account information on a webpage you aren't sure about. If you aren't sure if a login page is legitimate, please contact itprotect@umass.edu first. 

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 2 20 2020; message from 'University Libraries'

Fake UMass Libraries landing page with a long web address which includes umass.edu but is actually a .tk address

 


FRESH PHISH: February 10, 2020

We are seeing several examples of scams targeting the campus community using language similar to this example. The trend involves scammer(s) creating a fake email address that tries to resemble that of faculty and staff on campus (e.g. [faculty name].umass.amherst@gmail.com or [faculty name].umass.edu@gmail.com).

These fraudulent emails tend to have “Confidential,” "Reply ASAP," or "Urgent Request" in the subject line, with the body of the message asking the recipient to immediately reply. The scammer(s) also attempt to replicate the email signature of the person they’re posing as.

Example:

  1. The sender claims to be an important person on campus (in this case, AnnMarie Duchon). Be wary of direct messages claiming to be from campus leaders or other important people that you did not expect to recieve. The actual address is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message claims to be "important" and urges the recipient to act quickly.
    • Slow down - If you are unsure about whether or not an email with a request is legitimate, please contact itprotect@umass.edu before taking action.
  3. Phishing messages often include spelling or grammar errors. For example, this message says "Immediately this mail gets to you give me a reply."

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Example of phishing message claiming to be sent by Ann Marie Duchon, but coming from a gmail address. The message includes urgent language and spelling and grammar errors.

 


FRESH PHISH: October 24, 2019

  1. The sender claims to be an important person on campus (in this case, John McCarthy). Be wary of direct messages claiming to be from campus leaders or other important people that you did not expect to recieve.
  2. The actual sender is not a trusted UMass email address (in this case "officeContact@email.cz").
  3. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message instructs the recipient to take action "right now."
    • Slow down - If you are unsure about whether or not an email with a request is legitimate, please contact itprotect@umass.edu before taking action.
  4. Phishing messages often include spelling or grammar errors. For example, this message capitalizes a word in the middle of a sentence.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 10 24 2019; message from 'John McCarthy'

 


FRESH PHISH: October 15, 2019

  1. The sender claims to be "Information Technology," but is actually "IT@web.edu" - not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. This message:
    • Instructs the recipient to take action "immediately."
    • Includes the phrase "Please do this right away."
    • Slow down - If you are unsure about whether or not an email with a request is legitimate, please contact itprotect@umass.edu before taking action.
  3. The link titled "Check password" does not display its actual address.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  4. The link in the message directs to a fraudulent login page with a "forms.office.com" url, which includes a long string of characters.
  5. Phishing messages often misuse branding assets such as logos, colors, or fonts. In this case, the fake login page isn't even close to UMass Amherst's brand identity - it's the wrong color, the fonts are wrong, and it doesn't include the UMass logo. Some fake login pages are very convincing, but be extra cautious of webpages that just don't look right.
    • Do not enter personal information on webpages you don't trust. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 10 15 2019; message from 'information technology' - actually it@web.edu

fake landing page with a forms.office.com url, green colors rather than umass maroon, and simply the word 'edu' instead of a logo

 


FRESH PHISH: October 15, 2019

  1. Be cautious of messages you didn't expect to recieve. While this message's sender appears to be a trustworthy UMass email address, if you didn't expect a message or don't know the sender, be extra cautious of links and attachments.
  2. The link titled "Listen to message" does not display its actual address.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website, but instead to a url starting with "gittylite.web.app."
  3. Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 10 15 2019; message from 'Pam Mertes' including a link to 'listen to a voicemail'

 


FRESH PHISH: July 22, 2019

  1. The sender, "Venega, Rodrigo Alejandro" is not a trusted UMass email address.
  2. The link titled "click Here" does not display its actual address.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not open files or links you did not expect to be sent.   
  3. Phishing messages often include spelling or grammar errors. In this case, the message is missing punctuation.
  4. The link in the message directs to a fake UMass login page. The page has a weebly.com url, rather than umass.edu.
  5. Phishing scams often misuse brand assets of a trusted institution. In this case, the fraudulent login page includes a very low resolution copy of the UMass Amherst seal as a background image.
  6. Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 7 22 2019

fake UMass login page with a weebly.com url


FRESH PHISH: April 4, 2019

  1. The sender claims to be Marty Meehan from the President's Office, but the actual email is a frontier.com address, and not a trusted UMass address.
  2.  Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. This message:
    • Is labeled as "urgent"
    • Asks the recipient to respond discreetly - trying to trick them into responding without checking with anyone else first.
      If you are unsure about whether or not an email with a request is legitimate, please contact itprotect@umass.edu before responding.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 4 4 2019


FRESH PHISH: February 12, 2019

  1. The sender claims to be Kim Graves, but the actual email is not a trusted UMass address.
  2.  The email asks the recipient to click a link titled "View," whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not open files or links you did not expect to be sent.
  3.  The links in the message direct to a fake Microsoft login page. The URL was not a trustworthy UMass web address, and included a long string of characters.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 2 12 2019

a fake microsoft login page with a .appSpot.com url with a long string of characters in it


FRESH PHISH: February 7, 2019

  1. The sender claims to be Marisa Casey, but the actual email is not a trusted UMass address.
  2.  The email asks the recipient to click a link titled "View," whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not open files or links you did not expect to be sent.
  3.  The links in the message direct to a fake Microsoft login page. The URL was not a trustworthy UMass web address, and included a long string of characters.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 2 7 2019

a fake microsoft login page with a .appSpot.com url with a long string of characters in it


FRESH PHISH: August 16, 2018

  1. The sender claims to be Chancellor Subbaswamy, but the actual email is not a trusted UMass address.
    • Be wary of messages that claim to be important people contacting you directly.
  2. Phishing messages often use language that creates a false sense of urgency, trying to trick you into acting quickly without thinking. For example, this message included language like "shared an Urgent Document with you."
  3.  The email asks the recipient to click a link titled "Important Document," whose address is not displayed.
    • Check links before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not open files or links you did not expect to be sent.
  4.  The links in the message direct to a non-UMass login page. The URL was not a trustworthy UMass web address, and included a long string of characters.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 8 16 18

non-umass login page with bright green colors and a url with a long string of characters in it


FRESH PHISH: August 15, 2018

  1. The sender appears to be "Service" and claims to be from UMass, but the actual email is not a trusted UMass address.
  2. Phishing messages often include spelling and grammar mistakes. For example, this message capitalizes the word "request" in the middle of a sentence.
  3.  The email asks the recipient to click a link titled "Your Incident," whose address is not displayed.
    • Check links before clicking! Be wary of links that claim to be sent by a university, but which are using a non-.edu web address. This link uses the .online tld.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4.  The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 8 15 18

Fake umass login page using a '.online' address rather than '.edu'


FRESH PHISH: July 20, 2018

  1. The sender claims to be “University of Massachusetts Amherst Mail” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click a link titled "SIGN IN HERE," whose address is not displayed. 
    • Check links before clicking! Be wary of links that claim to be sent by a university, but which are using a non-.edu web address. This link uses the .be tld.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
    •  The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 7 20 18


FRESH PHISH: June 13, 2018

  1. The sender claims to be “Jessica Rivera” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click a link whose address is not displayed. 
    • Check links before clicking! Be wary of links that claim to be sent by a university, but which are using a non-.edu web address. This link uses the .be tld.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. For example, this message uses language like "Expected deactivation date: [one day away]" to try to get the recipient to react quickly without thinking.
  4. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and was not a .edu address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 6 13 18 fake login page which had a weird url with a .be tld


FRESH PHISH: June 11, 2018

  1. The sender claims to be “Margara Russotto” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click several links whose addresses are not displayed. 
    • Hover over links to check the urls for a trusted site before clicking! While these addresses did not look trustworthy to begin with, hovering over these links shows that they go to a completely different untrustworthy non-UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and was not a .edu address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 6 11 18 fake login page which had a weird url with a .nl tld


FRESH PHISH: May 31, 2018

  1. This message was caught being sent from three different addresses. The sender claimed to be the Office of the Provost, and the actual addresses - including "juliana-bodo@t-online.de" - were not genuine umass email addresses.
  2. The email asks the recipient to click a link labeled "CALENDAR 2018-2019."
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not download files or click links you did not expect to be sent.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing message example 5 31 2018fake login page example whose address includes a long string of characters with lots of percent signs, and does not use the .edu tld


FRESH PHISH: May 30, 2018

  1. The sender claims to be “Anne Bastarache” and to be from UMass, but the actual address is not a trusted UMass email address.
  2. Phishing messages often contain spelling and grammar errors such as inconsistent capitalization found in the message's subject field.
  3. Phishing messages often use informal language such as "But record shows you are still active in service and so advised to terminate this request otherwise give us reasons to deactivate your university account.
  4. The email asks the recipient to click several links whose addresses are not displayed. 
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  5. Phishing messages often create a false sense of urgency. For example, this message includes language like "Accounts filed for deactivation has been submitted and will be processed within 24hr." to try to convince the recipient to act quickly without thinking.
  6. The email claims to have been sent by an "Instructor" with a role/department that either does not exist or is improperly formatted and contains additional grammar and punctuation errors. 
  7. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: May 29, 2018

  1. The sender claims to be "Alba Rosa Frias" and to be from UMass, but the actual address is not a trusted UMass email address.
  2. Phishing messages sometimes use clickbait titles, or incomplete titles that lack information, to try to trick recipients into clicking links. Don't let your curiosity get the best of you - if you were not expecting to be sent a file or link, do not open it.
  3. Phishing messages often use informal language. For example, the message opens with "Please endeavor."
  4. The email asks the recipient to click a link. The link in the message does look like a trustworthy UMass web address - but it's very easy to make a link look like one address and actually direct to a completely different site. In this case, the link text was a fake UMass web address, and the actual hyperlink directed to a non-trustworthy url, which was not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: May 22, 2018

  1. The sender claims to be "Byung Kim" and to be from UMass Amherst, but the actual address is not a trusted UMass email address.
  2. The email asks the recipient to click a link. The link in the message does look like a trustworthy UMass web address - but it's very easy to make a link look like one address and actually direct to a completely different site. In this case, the link text was a fake UMass web address, and the actual hyperlink directed to a non-trustworthy url, which was not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. This message uses language like "...permanent suspension without notification" to try to trick recipients into acting quickly without thinking.
  4. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 9 2018

Fraudulent login page example may 9 2018


FRESH PHISH: May 18, 2018

  1. The sender, "Alankrita.A.Jethi@tn.gov" is not a trusted UMass email address.
  2. The email asks the recipient to click several links, including one titled "please login to the notification systems," whose addresses are not displayed. .
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. This message uses language like "this service is mandatory for all current employees" to try to trick recipients into acting quickly without thinking.
  4. Phishing messages often include spelling and grammar mistakes. This message includes some phrases which seem to be missing words or punctuation, such as "...in the university also feedback about this service are welcomed."
  5. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and contained unusual words and characters, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 18 2018

Fake UMass login page example May 18 2018, which used an unusual web address extension


FRESH PHISH: May 10, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors or use informal language. For example, the message opens with "Hi," with no punctuation.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and contained unusual strings of characters, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 10 2018

Fake UMass login page example May 10 2018


FRESH PHISH: May 9, 2018

  1. The sender claims to be "Karen White" and to be from UMass Amherst, but the actual address is not a trusted UMass email address.
  2. Phishing messages sometimes use clickbait titles, or incomplete titles that lack information, to try to trick recipients into clicking links. Don't let your curiosity get the best of you - if you were not expecting to be sent a file or link, do not open it.
  3. Phishing messages often use informal language. For example, the message opens with "Hi," with no punctuation.
  4. The email asks the recipient to click a link. The link in the message does look like a trustworthy UMass web address - but it's very easy to make a link look like one address and actually direct to a completely different site. In this case, the link text was a fake UMass web address, and the actual hyperlink directed to a non-trustworthy url, which was not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • It's also a good idea to copy and paste links into your web browser, rather than clicking.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  5. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address, and contained unusual strings of characters, and did not use the .edu tld.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 9 2018

Fraudulent login page example may 9 2018


FRESH PHISH: May 7, 2018

  1. The sender claims to be "Cindy Wills" and to be from UMass Amherst, but the actual address is not a trusted UMass email address.
  2. Phishing messages often use informal language. For example, the message opens with "Hi," with no punctuation.
  3. The email asks the recipient to click several links - titled "please login to the notification systems," "seen here," and "frequently asked questions." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. Phishing messages often include spelling and grammar errors. This message includes sentences that are noticeably missing words or punctuation, such as the phrase "...for all current employees in university also feedback about this service..."
  5. The links in the message direct to a fraudulent version of the UMass login page. The URL was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example May 7 2018

Fraudulent login page example may 7 2018


FRESH PHISH: April 30, 2018

  1. The sender, "Edwards, Katlyn Elizabeth" is not a trusted UMass email address.
  2. The email asks the recipient to click a several links - titled "Cancel Request," "View form," and "click here." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
    • Do not download or open files you did not expect to be sent.
  3. The links in the message direct to a fraudulent version of the UMass login page. The URL contained long strings of random characters, and was not a trustworthy UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing message example April 30 2018

Fraudulent login page example april 30 2018


FRESH PHISH: April 18, 2018

  1. The sender, "Eric Oberndorf" claims to be from UMass, but the actual address is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors or use informal language. For example, the message opens with "Hi," with no punctuation, and ends a sentence with a comma.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Second phishing example April 18 2018


FRESH PHISH: April 18, 2018

  1. The sender, "Furhmann, Jacques P" is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message includes language such as "Priority: High" and "If you do not reply... within 24hrs."
  3. Phishing messages often include spelling or grammar errors. This message includes several, such as capitalization of words mid-sentence.
  4. The email asks the recipient to click a link with the title "Your incident." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  5. The link in the message directs to a fraudulent version of a UMass login page. The web address is not a trustworthy UMass address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example April 18 2018

Fraudulent login page linked to by April 18 2018 phishing scam


FRESH PHISH: March 27, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often misuse brand logos, fonts, or colors. This message includes an unusual and incorrectly designed version of the UMass Amherst wordmark.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 27 2018


FRESH PHISH: March 26, 2018

  1. The sender claims to be "University of Massachusetts <job.supprt@umass.edu>," but the actual address" is not a trusted UMass email address.
  2. Phishing messages often misuse brand logos, fonts, or colors. This message uses colors similar to the UMass brand colors, but in a very different way from how they would be used in legitimate UMass communications (as the background color for the message).
  3. Phishing messages often contain spelling and grammar errors. This message has many, notably including many capitalized words mid-sentence, and several instances of spaces before periods.
  4. The email asks the recipient to click a link with the title "APPLY FOR THIS JOB." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 26 2018


FRESH PHISH: March 15, 2018

  1. The sender claims to be "University of Massachusetts Amherst," but the actual address, "<web@goodoogs.com.au>," is not a trusted UMass email address.
  2. Phishing messages often contain spelling and grammar errors. This message includes strange capitalization and a space before a period.
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 15 2018


FRESH PHISH: March 14, 2018

  1. The sender, "<sytacke@ilstu.edu>," is not a trusted UMass email address.
  2. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

phishing example March 14 2018


FRESH PHISH: February 27, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message claims to be of high importance. Some legitimate messages may include this label, but always remember to stop and think before acting.
  3. Phishing messages often include spelling and grammar errors or use informal language. For example, this message capitalizes the word "department" in the middle of a sentence.
  4. The email asks the recipient to click a link with the title "Click Here." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.


FRESH PHISH: February 24, 2018

  1. The sender, "<j.1.fang@herts.ac.uk>" is not a trusted UMass email address.
  2. The email asks the recipient to click a link with the title "Click Here." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
  3. Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 24th 2018

Untrusted webpage asking for account information


FRESH PHISH: February 23, 2018

  1. The sender claims to be "Umass Mail," but the actual address is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors or use informal language. For example, this message includes improper spacing such as the phrase "mffoley ley . ."
  3. The email asks the recipient to click a link with the title "SIGN IN HERE." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. The fraudulent login page linked to by the email did not have a trusted UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 23rd 2018

Fake login page example feb 23 with non-umass web address


FRESH PHISH: February 21, 2018

  1. The sender is not a trusted UMass email address.
  2. The email asks the recipient to click a link with following the text "view this ticket's progress online" and a second to "login to your account." The link addresses are not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. The fraudulent login page linked to by the email did not have a trusted UMass web address.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 21st 2018

Fake login page example feb 21 with non-umass web address


FRESH PHISH: February 21, 2018

  1. The sender claims to be "UMass Mail" but the actual address is not a trusted UMass email address.
  2. Phishing messages often create a false sense of urgency, to try to convince the recipient to react quickly without thinking. For example, this message claims to be of high importance. Some legitimate messages may include this label, but always remember to stop and think before acting.
  3. Phishing messages often include spelling and grammar errors or use informal language. For example, the message opens with "Hi," with no punctuation.
  4. The email asks the recipient to click a link with following the text "SIGN IN HERE." The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 21st 2018


FRESH PHISH: February 14, 2018

  1. The sender claims to be "UMass Amhers," but the actual address <mrobin495@yahoo.com> is not a trusted UMass email address.
  2. The email asks the recipient to click a link with following the text "Verify Your Account Now." Though the link appears to be displayed, the text in the message is different from the address that the link directs to!
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  3. Phishing messages often create a false sense of urgency. For example, this message includes language like "...email account will be treated as inactive and deleted!" to try to convince the recipient to act quickly without thinking.
  4. Phishing messages often include spelling and grammar errors. For example, this message frequently refers to itself as "UMassAmhers."

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 14th 2018


FRESH PHISH: February 6, 2018

  1. The sender claims to be UMass Amherst, but the actual address <allan.banning@cosmotemail.gr> is not a trusted UMass email address.
  2. Phishing messages often include spelling and grammar errors. For example, this message includes weird phrases like "you are advice."
  3. The email asks the recipient to click a link with the text "Click here to verify" The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.
  4. Phishing messages often create a false sense of urgency. For example, this message includes language like "services will permanently be disabled" to try to convince the recipient to act quickly without thinking.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example February 6th 2018


FRESH PHISH: January 31, 2018

  1. The message, which appears to have been sent by "Pamela Lester <plester@umass.edu>" uses informal language with spelling and grammar errors - for example, the message opens with "Hi," with no punctuation.
  2. Phishing messages often include spelling and grammar errors. For example, this message capitalizes the word "Your" in the middle of a sentence.
  3. The email asks the recipient to click a link with the text "SIGN IN HERE." The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example January 31st 2018


FRESH PHISH: January 31, 2018

  1. The sender ("Mucerino, Allan <amucerino@fullerton.edu>") is not a trusted UMass address.
  2. Phishing messages often try to create a false sense of urgency. This message uses language including "Priority: High" and "If you do not reply, this request will be formally closed..." to attempt to trick the recipient into responding quickly without thinking.
  3. The email asks the recipient to click a link with the text "Your incident." The link address is not displayed.
    • Hover over links to check the urls for a trusted site before clicking! Hovering over this link shows that it does not lead to a trusted UMass website.
    • Do not enter personal information on untrusted websites. If you are unsure, please email itprotect@umass.edu.

Note: Always verify the identity of the sender before opening any attachments or clicking any links.
If you have a phishing example or question, please email itprotect@umass.edu.

Phishing email example January 31st 2018