Posted: 11/14/2025
Status: Active Phishing Scam Targeting Employees, but also sent to Students

A recent phishing campaign is targeting university employees with an email claiming that the “2025 Faculty and Staff Performance Summary” is available for review. The message appears professional and references academic engagement, departmental collaboration, and performance discussions, but it is not legitimate.

How the Phishing Attempt Works

• Pretends to be from an “Institutional Performance and Monitoring Unit” and the “University Executive Council.”

• Encourages faculty and staff to review a performance report through an official-sounding portal.

• Includes a “VIEW YOUR ASSESSMENT” link that goes to a Google Form designed to steal login credentials.

• Uses formal language to appear credible and urgent.

• No official campus department with this name sent the message.

• Unexpected performance summaries outside established HR review processes.

• Generic sender details and non-standard communication channels.

• A button/link that directs to a non-university URL.

If you receive one:

Do not respond, forward the message to solutioncenter@montevallo.edu, and delete it.

Posted: 11/4/2025
Status: Active Scam Targeting Students

IS&T has received reports of a new scam circulating on campus in which attackers impersonate UM faculty members to recruit students for a fraudulent “research assistant” position. The email appears to come from a professor in the Mathematics Department, but the sender address is not a legitimate University of Montevallo email account.

Important Reminder:

Legitimate UM faculty and staff will never:

• Email job offers from Gmail or other personal accounts.

• Ask for your bank account, Social Security number, gift cards, or personal financial information by email.

• Promise payment before you complete official HR or student employment steps.

All official campus jobs are listed on jobs.montevallo.edu and communication will always come from an @montevallo.edu email address. 

If you receive one:

Do not respond, forward the message to solutioncenter@montevallo.edu, and delete it.

If you responded and sent money or gift cards to the scammer: Contact UM Police to file a report at (205) 665-6155 or umpolice@montevallo.edu.

A phishing scam can happen to anyone. Cybercriminals use increasingly sophisticated attacks to trick people into sharing personal information like passwords, credit card numbers, and other sensitive data. If you suspect that you have fallen victim to a phishing attack, it is important to act quickly.

IS&T will NEVER ask for your login credentials or for you to change your password via email.

Be cautious of any emails that contain the following or similar requests:

• • Provide or confirm personal information (M#, password, PIN, banking information, phone number, etc.)
  • Reset your account
  • Update your MFA (Multi-Factor Authentication) method
  • Prevent account from being deleted
  • Purchase a piano
  • Apply for a job as a personal assistant making $500 per day
  • Immediately read an important document
  • Link to a Google Form requesting personal information, M#, login info, etc.

Reporting Suspicious Emails: To report suspicious emails to IS&T, use the “Report Email” or “Barracuda Essentials” button inside your Outlook client. These buttons can be found in the top toolbar of the selected email. You can also report emails by forwarding to solutioncenter@montevallo.edu.

DUO Security Reminder: Never approve a DUO prompt without verifying the source. If you are not actively logging into anything, you should not be receiving a DUO prompt. Press the “Reject” button to deny the request. Immediately reset your password if you are receiving prompts without initiating them.

Steps to Take if You Fall for a Phishing Scam or Approve a Suspicious DUO Prompt:

• • Immediately reset your password by going to https://passwordreset.microsoftonline.com or https://myaccount.microsoft.com.
  • Go through your My Account settings (myaccount.microsoft.com) and verify there is nothing suspicious under Security Info and Devices. Sometimes a hacker will get into your account and immediately make changes to the phone number and secondary email.
  • Go through your Outlook Settings (outlook.office.com) and verify there is nothing suspicious that has been setup. Settings can be opened by selecting the Gear icon in the top right toolbar of Outlook.
    • Mail > Forwarding: Verify that a mail forward has not been setup.
    • Mail > Rules: Verify that no suspicious rules have been setup.
    • Account > Signature: Make sure your signature has not been changed.

Contact the Solution Center during office hours if you need immediate assistance. They can help you secure your account and restore any unauthorized changes.

Solution Center
108 Morgan Hall
(205) 665-6512
solutioncenter@montevallo.edu

If you responded to a scam and shared personal information, or sent money or gift cards, please contact the UM Police Department as soon as possible to file a police report.

UM Police Department
(205) 665-6155
umpolice@montevallo.edu

Protecting your identity has never been more important, and one of the most effective steps you can take is freezing your credit reports. By freezing your credit reports with the three major credit bureaus, Equifax, Experian, and TransUnion, you prevent unauthorized access to your credit file. This makes it much harder for identity thieves to open new accounts, take out loans, or apply for credit in your name. A credit freeze is a free service regulated by federal law and can be easily lifted or reinstated whenever needed, giving you control over your financial security.

For students, faculty, and staff, freezing your credit reports is especially crucial. With so much of our personal information shared online, there is always a risk of data exposure. Freezing your credit adds an essential layer of protection, ensuring that even if someone gains access to your personal details, they won’t be able to misuse them to open fraudulent credit accounts.

Setting up a credit freeze is simple and free. Visit the websites of Equifax, Experian, and TransUnion, and follow their instructions for placing a freeze on your credit report. While you’re there, consider setting up free credit monitoring and fraud alerts that some bureaus offer. Staying vigilant about your credit activity and protecting access to your financial information helps you maintain control over your identity and gives you peace of mind.

Credit Bureau Websites:

• Equifax: www.equifax.com
• Experian: www.experian.com
• TransUnion: www.transunion.com

With tax season already underway, protecting your personal information is more important than ever. One effective way to safeguard yourself from tax-related identity theft is by obtaining an Identity Protection Personal Identification Number (IP PIN) from the IRS. This unique, six-digit number helps prevent someone else from filing a fraudulent tax return using your Social Security number. Once issued, your IP PIN must be used to verify your identity on your federal tax returns. By securing an IP PIN, you add a critical layer of defense against scammers and help ensure your tax information remains safe.

For students, faculty, and staff at the university, protecting personal and financial information is essential—especially with the increased risk of phishing scams and identity theft targeting educational communities. Using an IP PIN not only keeps your tax filings secure but also helps prevent the misuse of your Social Security number in other contexts. By taking proactive steps like this, our university community can foster a culture of cybersecurity awareness and personal data protection. Stay informed, stay safe, and make tax security a priority this season.

To learn more and request your IP PIN, visit the IRS website at irs.gov/ippin.

Cybersecurity should not be limited to the home, office, or classroom. It is important to
practice safe online behavior and secure our Internet-enabled mobile devices whenever we
travel, as well. The more we travel and access the Internet on the go, the more cyber risks we
face. No one is exempt from the threat of cyber crime, at home or on the go, but you can follow
these simple tips to stay safe online when traveling.