Phishing Emails

Four Easy Ways to Spot a Phishing Email–Preventative Security

4 Ways to Spot a Phishing Attempt. 

Phishing attempts will almost always come with an “urgent” message about your mailbox, or with some security update or cryptic message about upgrades or compromised accounts.  It almost always involves a threat to shut-off your account unless you click the link and enter your credentials.  If you receive a suspicious email ask us about it!

1. 1. Is the email from a trusted internal University or IS&T source? Check the email first—does the signature and email match? IS&T will never send technology or email updates from a Forum.montevallo.edu email address, student accounts, or outside accounts or 3^rdparty address.  All communication comes from a member of IS&T or the UM IS&T account.
   2. Does the email ask you to click on a link or enter your credentials to verify your account? This is actually the easiest way to identify a Phishing Email—IS&T will never send an email threatening to shut off your account unless you put in your credentials. If we see a compromised account we just shut it off and wait for a call (you will thank us later). If it is difficult to determine if the link is legitimate, double check the other tips in this tutorial.  If IS&T does system upgrades, you will know about it well in advance. The communication will come from a member of the IS&T Team and you will only need to follow the normal, trusted sources to access your email.  We do not need to verify accounts, and if a password reset is needed it happens in person and/or on the phone with some verifying data.
   3. Does the email contain some weird or incorrect grammar such as: “…discovered an irregular updates on your account” Most phishing is automatically generated from robotic programs whose authors do not typically have English as a native language. This is usually a tip-off that it is a phishing email.
   4. Does the link go somewhere other a Montevallo source? Just hover your mouse over the link and see where it goes—as in the latest round hovering the mouse shows the link goes to web-update20188.weebly.com.  All UM IS & T emails, assuming they contain a link should go to trusted UM sources.

Finally, a bonus look—who is the email signed by?  If it is not one of the IS&T Staff or the Solution Center it did not come from us.  Hopefully this helps you, in the long run we will need to continue to work together to reduce this sort of spam. We are trying to continually tweak the Barracuda device to catch these sorts of emails, which is challenging to do without shutting off a lot of legitimate email.

 

How can you spot and avoid scams like these? Before you click on a link or share any of your sensitive information:

• Check it out. If you have concerns about an email, contact the sender directly. Look up their phone number or website yourself. Don’t click on a link. That way, you’ll know you’re not about to call a scammer or follow a link that will download malware.
• Take a closer look. While some phishing emails look completely legit, bad grammar and spelling can be a tip-off to phishing. Another clue that the email is not really from your school: they use the wrong department name. In one example we’ve seen, the scammers called themselves the Financial Dept instead of the Financial Aid Department.

If you spot something that looks like a phishing scam, report it. Forward the message to the Anti-Phishing Working Group (an organization which includes ISPs, security vendors, financial institutions, and law enforcement agencies) at reportphishing@apwg.org. You can also report phishing to the FTC at ftc.gov/complaint.

Information Services & Technology

---

September 14, 2021 Scam Email

Hello,  I’m a staff in the college, a professor shared me a link for students who might be interested in a PAID PART-TIME PERSONAL ASSISTANT POSITION job to make up to $500 weekly,

For more info email him with your private email address –   ***********@gmail.com

NOTE: This is a Work from Home Position
Do have a good day. Thank you.

---

March 28, 2021 Scam Email

From: Houston Byrd <byrdh67montevallo.edu@gmail.com>
Sent: Sunday, March 28, 2021 4:00 PM
Subject: Immediately response needed

Send me your available text number that I can reach you at.–

Dr. Houston Byrd
Department Chair
Professor of Chemistry
Biology-Chem-Math Department
Harman 117A

---

June 4th Scam Email

Hey college students: even though you’re likely far from campus, scammers are still trying to find you.

Maybe you or your friends have gotten an email claiming to be from the “Financial Department” of your university. The email tells you to click on a link to get a message about your COVID-19 economic stimulus check — and it needs to be opened through a portal link requiring your university login. Don’t do it. It’s a phishing scam. If you click to “log in,” you could be giving your user name, password, or other personal information to scammers, while possibly downloading malware onto your device.

How can you spot and avoid scams like these? Before you click on a link or share any of your sensitive information:

·         Check it out. If you have concerns about an email, contact the sender directly. Look up their phone number or website yourself. Don’t click on a link. That way, you’ll know you’re not about to call a scammer or follow a link that will download malware.

·         Take a closer look. While some phishing emails look completely legit, bad grammar and spelling can be a tip-off to phishing. Another clue that the email is not really from your school: they use the wrong department name. In one example we’ve seen, the scammers called themselves the Financial Dept instead of the Financial Aid Department.

If you spot something that looks like a phishing scam, report it. Forward the message to the Anti-Phishing Working Group (an organization which includes ISPs, security vendors, financial institutions, and law enforcement agencies) at reportphishing@apwg.org. You can also report phishing to the FTC at ftc.gov/complaint.

---

 

November 14th Phishing Email

Date: Thursday, November 14, 2019 10:15 AM
From: The University of Montevallo <davewest@schallertel.net>
Subject: Important notice:

Attention,
All Staff/students are expected to migrate to the New 2019 Microsoft Outlook Web Portal to enable access to the below, Click here to migrate immediately.

Click here to migrate immediately.
http://www.123formbuilder.com/form-5135908/online-support
.Access the new staff directory
Access your pay slips and P60s
Update your ID photo
E-mail and Calendar Flexibility
Connect mobile number to e-mail for voice mail

Important notice: All staffs/Students Outlook Users are expected to migrate within 24 hours to avoid delay on mail delivery and to also enjoy the new outlook features.

On behalf of IT Support. This is a group email account and it’s been monitored 24/7, therefore, please do not ignore this notification, because it’s very compulsory.

Sincerely.
School Admin
Remote Desktop Services Coordinator.

---

November 3rd Phishing Email

Date: Sun 11/3/2019 4:57 PM
From: Jimmy Evans <bayleebuysbookstoo@gmail.com>
Subject: Fall Textbook Meeting

Good Afternoon,
I will be on campus tomorrow (Monday) November 4th and Tuesday November 5th!

If you have any unsolicited or unwanted textbooks and would like to get rid of them, please email me back to set an appointment. I pay CASH for your unused books on the spot. If you don’t mind, please include your Office Number, Building and Campus (if multiple locations are relevant). I do take some older editions but it depends on a case by case situation. I hope your semester has been great so far and I look forward to meeting you. Thank you!

Best,
Jimmy Evans
National Textbook Buyer

---

June 5th Phishing Email

June 5, 2019

May 31st Phishing Email

May 31, 2019

May 16 Phishing Email

May 16, 2019

May 10 Phishing Email

May 10, 2019

May 9 Phishing Email

May 9, 2019

May 8 Phishing Email

May 8, 2019

 

May 3 Phishing Email

May 3, 2019

April 30 Phishing Email

April 30, 2019

 

April 26 Phishing Email

April 26, 2019

April 18 Phishing Email

April 18, 2019

April 15 Phishing Email

April 15, 2019

 

April 4 Phishing Attempt

April 4, 2019

March 8 Phishing Attempt

 

March 5 Phishing Attempt

March 4 Phishing Attempt

February 25 Phishing Attempt

January 23 Phishing Attempt

January 18 Phishing Attempt

January 18, 2019

 

January 14 Phishing Attempt

January 14, 2019

January 9 Phishing Attempt

January 9, 2019

 

December 13 Phishing Attempt

December 13, 2018

 

December 5 Phishing Attempt

December 5, 2018

December 3 Phishing Attempt

December 3, 2018

Below is a screenshot of the phishing email:

November 28 Phishing Attempt

November 28, 2018

Below is a screenshot of the phishing email:

 

October 24 Phishing Attempt

October 24, 2018

Below is a screenshot of the phishing email:

October 18 Phishing Attempt

October 18, 2018

Below is a screenshot of the phishing email:

September 18 Phishing Attempt

September 18, 2018

Below is a screenshot of the phishing email:

September 11 Phishing Attempt

September 11, 2018

Below is a screenshot of the phishing email:

August 31 Phishing Attempt

August 31, 2018

Below is a screenshot of the phishing email:

August 16 Phishing Attempt

August 16, 2018

Below is a screenshot of the phishing email:

 

July 23 Phishing Attempt

July 23, 2018

Below is a screenshot of the phishing email:

 

July 19 Phishing Attempt

July 19, 2018

Below is a screenshot of the phishing email:

June 26 Phishing Attempt

June 26, 2018

Below is a screenshot of the phishing email:

June 15 Phishing Attempt

June 15, 2018

Below is a screenshot of the phishing email:

---

June 14 Phishing Attempt

June 14, 2018

Below is a screenshot of the phishing email:

---

June 13 Phishing Attempt

June 13, 2018

Below, there are two screenshots of a phishing email:

---

May 7 Phishing Attempt

May 7, 2018

Below is a screenshot of the phishing email:

---

April 12 Phishing Attempt

April 12, 2018

Below is a screenshot of the phishing email:

---

March 23 Phishing Attempt

March 23, 2018

Below is a screenshot of the phishing email:

March 21 Phishing Attempt

March 21, 2018

Below is a screenshot of the phishing email:

March 20 Phishing Attempt

March 20, 2018

Below is a screenshot of the phishing email:

March 14 Phishing Attempt

March 14, 2018

Below is a screenshot of the phishing email:

March 7 Phishing Attempt

March 7, 2018

Below is a screenshot of the phishing email:

March 5 Phishing Attempt

March 5, 2018

Below is a screenshot of the phishing email:

Feb. 23 Phishing Attempt

February 23, 2018

Below is a screenshot of the phishing email:

---

Feb. 21 Phishing Attempt

February 21, 2018

Below is a screenshot of the phishing email:

 

Feb. 16 Phishing Attempt

February 16, 2018

Below is a screenshot of the phishing email:

---

Feb. 13 Phishing Attempts

February 13, 2018

Below is a screenshot of the phishing email:

---

The following email has circulated targeting faculty and staff today. This email is not legitimate; if you notice this email in your inbox, please forward it to the Solution Center.

Below is a screenshot from the phishing email:

Feb. 7 Phishing Attempt

February 7, 2018

Below is a screenshot of the phishing email:

Feb. 5 Phishing Attempt

February 5, 2018

Below is a screenshot of the phishing email:

Feb. 1 Phishing Attempts

February 1, 2018

Below is a screenshot of the phishing email:

Below is the screenshot from an additional email:

Once you click Here on the previous email the following page appears:

 

Jan. 24 Phishing Attempt

January 24, 2018

Below is a screenshot of the phishing email:

Jan. 12 Phishing Attempt

January 12, 2017

Dear Campus Family,

Please be aware of this latest Phishing attempt which says it is from the Service Desk.  This is not legitimate. The link once clicked will take you to a page with spoofed Forum graphics. If you have clicked on it and entered your credentials please contact the Solution Center at ext. 6512. 

Also, we try to keep our website updated with the latest Phishing attempts—that link can be found here:  IS & T Systems Status (and will not ask for credentials).

Below is a screenshot of the phishing email:

 

Nov. 22 Phishing Attempt

November 22, 2017

On Wednesday November 22st, many UM students, faculty and staff began receiving an email with the subject “E-mail User”.
This email is a “phishing” attack, an attempt to trick individuals into revealing private information, such as their UM usernames and passwords. If you received this email, please delete it. If you replied to the email or clicked the embedded links, please contact the IS&T Solution Center at 205-665-6512.

Below is a screenshot of the phishing email:

 

Nov. 21 Phishing Attempt

All,

There have been several spam/fake emails being delivered lately. Most of these appear to be coming from an IT Department and are asking users to validate their Email Address. The current email actually claims to be from Montevallo’s IT department. For example:

The IS&T Department will never send out emails like these:

Please take some time to re-visit how to identify viruses in emails to avoid possibly opening and getting infected with the virus.

1. Look at the sender’s email address – These email addresses can be spoofed to look like someone you know, but also, they could be one that has a different country’s domain on it (example.com.ru, or support@microsoft.com.ru<mailto:support@microsoft.com.ru>)

2. Look at the Subject line – Does it create a sense of urgency? These are typically viruses. Does it have 1 word in it but appears to be a response like “Re: Document”? – This is also a tell tell sign of a virus.

3. Look at the body of the message – If the sender is a recognized sender, does it follow their normal emailing criteria – Does it have a salutation – is it directed to you specifically, or is it generic (Hi, vs Hi Adam,). Does it have a signature for the person who sent it? Does it match the name of the person you identified in the email address above? Does it have the company’s contact information and/or graphics that you’ve been accustomed to seeing if you’ve received mail from them before?

4. Look at the content of the body – Is it just asking you to open a file or go to a website link? Does it create a sense of urgency? With viruses, the purpose of the body is to entice you to open the attachment or link. A common method is by fear and urgency.

If you have any questions about the validity an email, please contact the Solution Center.

Nov. 21 Phishing Attempt

November 21, 2017

On Tuesday November 21st, many UM students, faculty and staff began receiving an email with the subject “The Academic Advancement Program Scholarship 2017”.

This email is a “phishing” attack, an attempt to trick individuals into revealing private information, such as their UM usernames and passwords. If you received this email, please delete it. If you replied to the email or clicked the embedded links, please contact the IS&T Solution Center at 205-665-6512.

Below is a screenshot of the phishing email:

 

Nov. 14 Phishing Attempt

   November 14th, 2017

On Tuesday November 14th, many UM students, faculty and staff began receiving an email with the subject “Employee Benefits”.  The email was sent to “Local Members” and appeared to be from a sender called “Local Members”.

This email is a “phishing” attack, an attempt to trick individuals into revealing private information, such as their UM usernames and passwords. If you received this email, please delete it.  If you replied to the email or clicked the embedded links, please contact the IS&T Solution Center at 205-665-6512.

Below is a screenshot of the phishing email:

 

 

Nov. 10 Phishing Attempt

November 10, 2017

Beginning Friday November 10th, many UM students, faculty and staff began receiving an email with the subject “Migrating”.
This email is a “phishing” attack, an attempt to trick individuals into revealing private information, such as their UM usernames and passwords. If you received this email, please delete it.  If you replied to the email or clicked the embedded link, please contact the IS&T Solution Center at 205-665-6512.

Below is a screenshot of the phishing email:

 

Nov. 6 Phishing Attempt

November 6, 2017

Beginning Saturday November 4th, many UM students, faculty and staff began receiving an email with the subject “Mail Update,”.
This email is a “phishing” attack, an attempt to trick individuals into revealing private information, such as their UM usernames and passwords. If you received this email, please delete it.  If you replied to the email or clicked the embedded link, please contact the IS&T Solution Center at 205-665-6512.

This specific phishing attack is particularly concerning, due to its use of our University of Montevallo logo and school colors.

Below is a screenshot of the phishing email:

 

 

 

Below is a screenshot of the phishing email:

Oct. 9 Phishing Attempt

October 12th, 2017

Beginning Monday October 9th, many UM students, faculty and staff began receiving an email with the subject “Account User”. This email is a “phishing” attack, an attempt to trick individuals into revealing private information, such as their UM usernames and passwords. If you received this email, please delete it.  If you replied to the email, please contact the IS&T Solution Center at 205-665-6512.

Below is a screenshot of the phishing email: