The University of Montana utilizes robust spam filtering software that filters out the vast majority of spam and phishing messages. However, in some instances, spam and phishing messages manage to make it through the filter. It is important for UM students, faculty, and staff to be aware that they may still get spam and phishing messages. Read emails carefully and watch for hallmarks of phishing, such as a call to urgency, grammatical or spelling errors, and requests for usernames and passwords.
The University continues to experience waves of email impersonation attacks. These are emails that appear to come from a trusted source, usually a Dean, Department Head, or even President Bodnar, and are very simple in nature, such as “Are you available?”. The attacker will often redirect the conversation to an alternate communications channel, such as text messaging, before delivering their final request, which usually involves the purchase of gift cards.
You should treat any message that comes from a non-university email address with caution. It can be particularly difficult to spot a non-university email address if you happen to be using a mobile client, as many mobile clients don’t display the actual email address that you’re replying to. So use extreme caution when using a phone or other mobile device to read and respond to messages.
In addition, we have implemented a warning message that appears in an email when its content suggests it may be phishing.
Below are some examples of phishing attempts we have seen on campus. Please note that these are only examples and should not be taken as a comprehensive list of phishing attempts. Be vigilant in assessing the risks of every email you receive.
- Phishing email referencing UM President
- Phishing email regarding "Full Email" Alert
- Phishing email asking for emailed reply with credentials
- Phishing email requesting information to be sent via attachment
- Phishing email asking to validate email account
- Phishing email claiming “your account will be blocked”
- Impersonation Example
Help keep UM alert!
There are steps we can take to mitigate phishing issues. If you receive what you suspect may be a phishing message, please report it to IT Central. Follow the process for reporting spam, but add a CC to firstname.lastname@example.org.
Are we phishing ourselves?
When creating legitimate mass communication messages, consider how your message may appear to recipients who have been trained to be suspicious of unsolicited messages.
Any of the following issues could cause your message to be interpreted as a phishing message:
- Including links to non-UM web sites
- Links to forms which then ask for some sort of personal information
- Use of URL shorteners
- Message sent from a non-UM address
- Including links which immediately bring up a Login screen
The following examples are all legitimate messages which were reported to IT as suspicious: