Is this email legitimate or a hoax? This is the single most frequently asked question we have. The answer is almost always no but people still ask and occasionally one of our clients will fall for a scam and end up with a compromised account.
The basic rule of thumb should be: if you want to ask someone about a particular email, then chances are the email is a scam and you should just delete it.
In general here’s what to look for:
- Is the email coming from a UVM email address? If not, it’s fake.
- If there is a link in the email, does the link appear to be going to a UVM website (i.e. does the host name end in “uvm.edu”)? If not, it’s fake.
- Does the link in the email go to same place that the email says it does (e.g. the link says “www.uvm.edu” but actually goes somewhere else). If it doesn’t, it’s fake.
You do not have to click the link to find out where it’s actually going. Instead you can right click (control click under MacOS) and select “Copy Link Location”, then you can paste the link into any web browser and “see where it’s going” before actually clicking.
- If you do click the link does the site ask you for personal information (account and password, or worse, SS#)? If yes, it’s fake.
- Does the email threaten dire measures if you don’t comply? If yes, it’s probably fake.
Any security measure imposed by UVM (e.g. expiring your UVM netID every 365 days), will not be executed without ample warning (two weeks at least) and can always be reversed.
Here is an ebay website on the subject: