Accessible Navigation.
security logo

Phishing


The University of Montana utilizes robust spam filtering software that filters out the vast majority of spam and phishing messages. However, in some instances, spam and phishing messages manage to make it through the filter. It is important for UM students, faculty, and staff to be aware that they may still get spam and phishing messages.  Be advised to read emails carefully and consider aspects of the email that are hallmarks of phishing such as a call to urgency, grammatical/spelling errors, and requests for usernames and passwords.

In addition, if an email contains certain content that suggests it may be phishing, we have implemented a warning message that appears in the email.  More information about his message can be found here.

Examples

Below are some examples of phishing attempts we have seen on campus. Please note that these are only examples and should not be taken as a comprehensive list of phishing attempts. Be vigilant in assessing the risks of every email you receive.

Phishing email referencing UM President

Phishing email regarding "Full Email" Alert

Phishing email asking for emailed reply with credentials

Phishing email requesting information to be sent via attachment

Phishing email asking to validate email account

Help keep UM alert!

There are steps we can take to mitigate phishing issues.  If you receive what you suspect may be a phishing message, please report it to IT Central.  Follow the process for reporting spam, but add a CC to itcentral@umontana.edu.

Are we phishing ourselves?

When creating legitimate mass communication messages, consider how your message may appear to recipients who have been trained to be suspicious of unsolicited messages.

Any of the following issues could cause your message to be interpreted as a phishing message:

  • Including links to non-UM web sites
  • Links to forms which then ask for some sort of personal information
  • Use of URL shorteners
  • Message sent from a non-UM address
  • Including links which immediately bring up a Login screen

The following examples are all legitimate messages which were reported to IT as suspicious: