As phishing and scams flood student inboxes, UVM continues to improve cybersecurity


Mac Mansfield-Parisi

A collection of recent email scams appear on a laptop screen Sept. 1.

In a modern world with ever-improving technology benefiting both the well- and ill-intentioned, UVM finds itself fighting an endless battle to maintain online security for community members. 

UVM Police Chief Tim Bilodeau said UVM students have been targeted for scams, phishing and other security issues for many years – even before the existence of cyberspace. 

The Information Security Office has noticed an uptick in the number of malicious emails that come to UVM affiliate inboxes over the years, Chief Information Officer Simeon Ananou said. 

“The internet itself as a whole is becoming more and more tricky and in fact, a little dangerous occasionally,” Ananou said. 

Information Security Officer Sam Hooker said the ISO categorizes a scam as something that is financially motivated, whereas phishing is an attempt to acquire login credentials. 

Although UVM recently increased ISO funding resulting in more technology and resources for stopping malicious emails before they reach the inbox, it is impossible to maintain an entirely scam free inbox, Hooker said.

“There will never be a static situation, the parasites will evolve in some way to sneak by the hosts, and when the host is successful in evolving the method for finding parasites, the parasites have to evolve,” Hooker said. 

The ISO received an influx of University funding as part of a five year plan unveiled in 2018, allowing the Office to implement a number of modern email filtering systems, Ananou said. 

Sophomore Ayden Morrison said that he frequently receives scam emails in his UVM email account. 

“School emails are more vulnerable than other emails, because we just think they’re all meant for our academic purposes,” Morrison said. “Once [a scammer] asked for my password and account, and I was like, ‘I don’t like this.’” 

Without being able to rely entirely on UVM’s technology to filter out scam and phishing attempts, the ISO relies on UVM community members to report suspicious emails, Hooker said.

Students can report scams, phishing and other suspicious emails to the ISO over phone or email contacts listed on their page, according to the ISO website.

The “Phishbowl” link on their site leads students to a list of suspicious emails they might have received in their UVM inbox. 

“We definitely field anywhere between a small handful and dozens of reports per day,” Hooker said. 

The number of scams that actually reach UVM inboxes has decreased dramatically in the last few years due to the implementation of an improved system for catching malicious emails before they reach inboxes, Ananou said. 

Hooker said the decrease can also be credited to the UVM community’s growing knowledge base about how to identify and report malicious emails.

Scams are the most common email threat to students, but the number of students that actually fall victim to those scams is less than a half dozen per year, Hooker said. Those cases of financial fraud are referred to law enforcement.  

When people send scams to obtain money, a criminal component is added to the incident, warranting campus police involvement, Bilodeau said. 

Bilodeau said if the scam has the potential to impact many members of the UVM community, UVM police would coordinate with Enterprise Technology Services to send out a campus alert through email. 

The ISO also works to educate students about cyber safety and improve the online experiences of the UVM community, Ananou said.

“Take a moment, pause and reflect, pause, think before you click,” he said. “I think that’s a simple way of describing it towards students. Your physical, mental and digital safety and wellbeing really, really matters to us.” 

Students can sign up for Vermont scam alerts on the Attorney General’s website, or call 800-649-2424 for additional guidance.