This recent phishing attempt asks recipients to reply and include their account credentials. Please do not reply to such messages, and you can forward them to We will never request your account credentials and we do not need them to provide support.  

Sent: Friday, September 30, 2016 7:30 AM
Subject: To All Faculty/Staff.

Message from HelpDesk, New security updates need to be performed on our servers, due to the rate of phishing and We are changing our Microsoft server to the new outlook web access, send to help us verify with the information below,






Reply via ICT Helpdesk Email; 


IT Department

©2016 Microsoft outlook. All rights reserved.

This e-mail message is for the sole use of the intended recipient(s) and may contain certain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by e-mail and destroy all copies of the original message.



This email was correctly identified as SPAM and asks you to click a link "Click here" which goes to a non-Amherst website of  With the website address endign in .nl this is a commercial website located in the Netherlands and is not part of Amherst College which ends .edu and then might have directories such as .edu/offices/it, etc. Also it directs to an email address of overstr which is not a school and not associated with Amherst College. Last it is signed not from a person but just a title which we do not do at Amherst.

From: Amherst College [] 
Sent: Tuesday, March 03, 2015 9:42 AM
Subject: {SPAM?} {SPAM?}{phish-03} Amherst College Email Server Update!!!

Dear User,

We are currently updating our email server database. We advice you to Click hereto update your email account to avoid your account being blocked or loss of data.


Mail System Administrator

2015 Amherst College


This email asks you to click a link which goes to a non-Amherst website of With the website address endign in .com this is a commercial website, not part of Amherst which ends .edu and then might have directories such as .edu/offices/it, etc. Also it directs to an email address of which is fake, there is no such legitimate Amherst email address.

This is an automated message is from Amherst College notify you that our
> technical admin team has detected an attempt to access your e-mail account
> from an unrecognized device that damage your e-mail , Febraury 08, 2015
> Unrecognized Location : London , United Kingdom
> IP Address :
> Host Name: Cable Net
> ISP: Interserver Inc
> Was this you ? If so kindly ignore this message .
> If you did not, we encourage you to click the
> to fill the data correctly to save your current IP address in our database,
> as this will improve increase security in your e-mail account and against
> any virus or spam content by e- mail sent to you.
> Amherst College
> Amherst MA 01002-5000
> (413) 524-2000


This email asks you to click a link which goes to an attack website. We blocked access to that website when someone forwarded us this email.

From: Anderson, Winston A [wanderson @]
Sent: Tuesday, May 13, 2014 11:04 AM
To: Anderson, Winston A
Subject: RE: Staff and Faculty Members only ( Admin Notice )

(IMAP) Server - requires Increase, Mailbox has exceeded its storage limit.

Click on Faculty and Staff Portal to increase

Mailbox SEND/RECEIVE Functions will be disabled if account increase is not completed.

Copyright © 2014 Staff and Faculty Mailbox Portal.


This type of fraud email wants you to confirm your email address is real, so it can then send you a large volume of spam. Do not reply to or click any images or links in these type of messages as you could install malware/viruses onto your computer. Delete this type of message and empty the deleted items folder to make sure it doesn't stay around. 

From: "xxxxxx,xxxxx S.B.M." <<>>
Date: March 16, 2014 at 8:04:34 EDT
To: Undisclosed recipients:;
Subject: Re;

I have an Inheritance for you email me now:<>

Hide quoted text
Op deze e-mail zijn de volgende voorwaarden van toepassing:
The above disclaimer applies to this e-mail message.


This phishing email provides a link "Click here to start" that goes to a business website called "Gerrards Crosspond" and is located in the UK. The From: address of is not real, there is no such email address in use at Amherst. Also it uses the terminology "tech support" where we typically use "IT" or Information Technology.  This email is signed with the vague "Technical Department" rather than a person's name as real email from Amherst Information Technology would be. Last there is no such thing as compulsory account updates for the institution database. Amherst IT will never ask for your password and you should not share it with anyone. 

---------- Forwarded message ----------
From: Support <>
Date: Wed, Mar 27, 2013 at 10:18 AM
Subject: Important update


Dear user,

The institution database is being upgraded, and your account
has been subjected to a compulsory update.

*Click here to start <>*

*Important Notice* - Update is mandatory

Technical Department