Reading Time: 2 minutes, 51 secs

Dealing with Spam and Phishing Attempts

What’s the difference between Spam and Phishing?

Spam is unsolicited email that often attempts to sell a product or service. Typically, spam is addressed to a vast number of people in hopes that by casting a wide enough net, the spammers will increase their chance of getting a response.

Phishing is a specific type of spam that attempts to trick you into giving away your personal information, whether it’s your UVM credentials, your credit card information, or even your Social Security Number.

Phishing attempts are often threatening and time sensitive — “Respond by tomorrow or we will delete your account!” Phishing attempts may appear to come from UVM or some well known company and often include a mix of real and fake email addresses and web links (URLs).

The University of Vermont is invested in maintaining the security of your account and protecting your private information while also ensuring these services don’t dissuade collaboration and aren’t overly restrictive. As such, we rely on our users to practice safe computing and be cautious and critical.

How do I get less spam?

  1. Lower the spam confidence percentage at
  2. If you are consistently receiving spam from a specific source, set up an Inbox Rule using our guide

How do I know if a message is legitimate or not?

It’s important to always be wary of any emails you receive. Even if you receive an email from a friend, colleague, or family member, it’s possible this person’s email credentials have been compromised.

There are several cues that help in determining the legitimacy of an email.

  1. The email is not personalized.
    1. The email isn’t sent directly to you, and your name is not used in the body of the message, or;
    2. The message was sent to a list of individuals with whom you are unfamiliar, or;
    3. The recipients of this message are hidden
  2. The subject line is intended to shock, but doesn’t describe the contents of the message.
  3. The content of the email is awkwardly written and contains spelling and grammatical errors.
  4. The email is urgently requesting personal financial information.
  5. When you hover over any links in the message for a few seconds, the link doesn’t match where the sender said the link would go, or the link doesn’t go to a UVM site.

When any of these cues appear in an email concerning your UVM account, you shouldn’t respond or click any links in the email, and you should delete the email.

If after checking for these cues, you are still unsure if the email is legitimate, you can contact the UVM Tech Team for assistance. Our contact information can be found at

What should I do if I responded to a phishing attempt, or clicked a link in a phishing email?

  1. Change your NetID Password at as soon as possible.
  2. It’s possible UVM’s Identity and Account Management department will catch that your account has been compromised. If so, your account will be locked to protect your information and privacy, and the University’s privacy as a whole. To remove this lock, you will need to contact Identity and Account Management.
  3. Though not always necessary, you may also want to change your password for various, non-UVM services (personal bank, other email accounts).


If you are experiencing problems or need further assistance, please contact the UVM Tech Team at