An agile IT department is always a boon in these situations, and the speed of your response speaks to that agility. Thank you. I'll be sure to forward any other phishing attempts I see to the list and to Sophos and CERT. If it would be helpful to forward that one to them, as well (if you haven't already), let me know.

Thanks again,

Jack Henahan
[log in to unmask]
==
Computer science is no more about computers than astronomy is about telescopes….
-- Michael R. Fellows and Ian Parberry
==






On Aug 31, 2011, at 9:39 AM, Dean Williams wrote:

> IT Colleagues, 
> 
> Although this phishing scam is not all that well crafted, it will be convincing enough for many nontechnical people, especially given the "fact" that it came from <[log in to unmask]>.  Thousands of new UVM email account holders have few legitimate UVM account-related messages to judge it against.  If you think it would help the people you support, please feel free to share with them a warning just published on the webmail.uvm.edu and www.uvm.edu/it sites, or to summarize key points for them: 
> 
>    http://www.uvm.edu/it/?Page=news&storyID=12290&category=etssecurity
> 
> While phishing attacks are never welcome, this one could serve a good educational purpose, providing some inoculation against more sophisticated attacks sure to arrive during the course of the academic year.  (Counting the even cruder "250MB" scam that arrived recently, this makes two credential-targeting phish in two weeks, which I hope is not a trend.)  
> 
> -Dean W. 
> 
> On Aug 31, 2011, at 8:30 AM, Dean Williams wrote:
> 
>> Jack, thanks for reporting this phish.  There are phishing attempts and other email scams every day, but ones that target UVM credentials are of particular concern.  We've been expecting targeted phish as the academic year begins, when many people are new to UVM and are more likely to believe that an email appearing to come from a UVM system really is legitimate.  
>> 
>> If you know anyone who has already replied to, or clicked the link, in this email, or a similar message, please advice him to change his UVM Network ID password immediately, using the secure online form at www.uvm.edu/account/.  People can call the Help Line at 656-2604 if they need assistance. 
>> 
>> I'll work to put up a warning message, similar to the one earlier this week for the "250MB" phish.  
>> 
>>     http://www.uvm.edu/it/?Page=news&storyID=12265&category=etssecurity
>> 
>> Forwarding phish like this -- as attachments or at least with full headers -- to UVM's spam filter company, at <[log in to unmask]>, can help protect others from getting this particular phish.  It's also good to forward phish to CERT <[log in to unmask]>.  
>> 
>> People who are tricked into clicking the link may receive warnings, depending on their browsers and plug-ins.  For example, FireFox with the Web of Trust (WOT) plug-in shows this warning:  
>> 
>> <Screen shot 2011-08-31 at 8.21.08 AM.png>
>> 
>> Safari shows this: 
>> <Screen shot 2011-08-31 at 8.22.13 AM.png>
>> 
>> -Dean 
>> 
>> -----------------------------------
>> Dean Williams                                       
>> Enterprise Technology Services      
>> [log in to unmask] | 802-656-1174 
>> 
>> Don't become a phishing victim!  UVM and other reputable organizations will never use email to request that you reply with your password, Social Security Number, date of birth or confidential personal information.  Never reply to an email with your password, SSN, date of birth, or any other confidential personal information.  Never enter your UVM Net-ID password on a non-UVM web page.   
>> 
>> 
>> 
>> On Aug 31, 2011, at 7:39 AM, Jack Henahan wrote:
>> 
>>> Just thought you'd find this phishing attempt helpful/amusing.
>>> 
>>> Jack Henahan
>>> [log in to unmask]
>>> ==
>>> Computer science is no more about computers than astronomy is about telescopes….
>>> -- Michael R. Fellows and Ian Parberry
>>> ==
>>> 
>>> <398E692F.gpg>
>>> 
>>> Begin forwarded message:
>>> 
>>>> From: "Uvm.edu" <[log in to unmask]>
>>>> Subject: Uvm.edu Wrote:
>>>> Date: August 31, 2011 8:26:00 AM EDT
>>>> To: undisclosed-recipients:;
>>>> Reply-To: "Uvm.edu" <[log in to unmask]>
>>>> 
>>>> Uvm.edu Wrote:
>>>> 
>>>> This is to inform you that your verification link to guard your mail account
>>>> for numerous spam activities
>>>> from a foreign Ip recently which we notice on our data based,
>>>> 
>>>> Please verify your account for anti-spam 2011
>>>> 
>>>> http://www.tuclouds.com/form.php?id=12809
>>>> 
>>>> Failure to do this your account will be temporary blocked
>>>> 
>>>> ________________________________________________
>>>> Message sent using TGTEL WebMail - www.tgtel.com
>>> 
>> 
>