
Spam, Phishing, and Suspicious Email

What are Spam and Phishing?

Spam is the use of electronic messaging systems to send unsolicited—usually undesired—bulk messages indiscriminately. Some spam is merely annoying, while other spam can result in a number of very bad outcomes for unsuspecting recipients.

Phishing is a specific type of spam. Phishing or spoofing is the term used for deceitful or fraudulent emails designed to trick people into providing personal information that leaves them vulnerable to identity theft, computer viruses, and compromised email accounts. The number and sophistication of phishing scams continue to increase. Non-email types of phishing include phony websites or phone calls that ask the potential victim to supply or verify personal information.

Spear Phishing is an even more insidious form of phishing, where criminals impersonate U-M officials to trick you. Watch a short video to learn about spear phishing.

Stop. Think. Connect.

When you cross the street, you look both ways to make sure it's safe. Staying safe on the Internet is similar. It takes some common sense steps—Stop. Think. Connect.

STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.

Recognizing a Phishing Message

  • Typically uses urgent or exciting language
  • Asks for passwords, bank account information, usernames, credit card numbers, social security numbers
  • Often has grammatical, typographical, or other editorial errors (but the more sophisticated phishes may not)

Tips to Avoid Getting Phished

  • Do not respond to any suspicious email by clicking on links or filling out forms with personal or financial information.
  • Remember that if something sounds too good to be true, it probably is.
  • Ask yourself why you would be singled out for a windfall or other special treatment out of the millions of other Internet users. Such offers are almost always a scam.
  • Don't believe everything you read. Just because an email or web site is presented attractively doesn't mean that it's telling you the truth.
  • Be patient. Too many users end up the victims of Internet crime because they do not stop to think, but instead act on impulse, clicking on a "sexy" link or an interesting-looking attachment without thinking of the possible consequences.
  • Unless you're certain of a person's identity and authority to request such information, never provide your personal information or information about your company/organization via email, text, or over the phone.
  • If you think an email may not be legitimate, attempt to verify it by contacting the company or organization directly. But don't use the contact information provided in the email to make contact, because it could be bogus; look up the organization's contact information yourself.
  • Double-check the URLs of websites you visit. Some phishing websites look identical to the actual site, but the URL may be subtly different.
  • Be cautious about sending sensitive information over the Internet if you're not confident about the security of the website.

How to Report Phishes

If you receive an email that you suspect is a phish that appears to come from U-M, forward the entire original message with full headers displayed to abuse@umich.edu. There is no way to trace the origin or source of an email without the full headers.
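
What the full headers add over the visible message, as an added example (not part of the original page or any U-M tool): it lists the Received hops oldest first and notes where Return-Path or Reply-To use a different domain than From, which is a reason to look closer rather than proof of a phish. The message, hosts and addresses are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real phish); all hosts and addresses are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby inbox.example.edu with ESMTP id A1; Tue, 02 Jan 2024 10:00:05 -0500
Received: from mailer.example.net (unknown [203.0.113.45])
\tby mx.example.edu with ESMTP id B2; Tue, 02 Jan 2024 10:00:03 -0500
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: <it-support@mailbox.example.org>
To: <user@example.edu>
Subject: Urgent: verify your account

Please verify your account today.
"""

def domain(header_value):
    """Return the lowercased domain of the address in a header value."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def summarize_headers(raw):
    """Collect the relay path and sender-domain mismatches from raw headers."""
    msg = message_from_string(raw)
    # Each server prepends its Received line, so the last one is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    hops.reverse()
    from_dom = domain(msg["From"])
    notes = []
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            notes.append(f"{name} domain {d} differs from From domain {from_dom}")
    return {"from_domain": from_dom, "hops": hops, "notes": notes}

if __name__ == "__main__":
    report = summarize_headers(SAMPLE)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop}")
    for note in report["notes"]:
        print("note:", note)
```

A message forwarded without headers carries only the From, To and Subject lines, so none of the hops or mismatches above would be visible to the person handling the report.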

I Responded to a Phish. Now What?

If you responded to a message that may have been a phish, follow the instructions at Compromised Accounts. You should carefully review any online account that became vulnerable as a result of responding to the message. For additional guidance, contact the ITS User Advocate.

Learn more about phishing.

Test your phishing knowledge.

Spam Filtering

It is important to keep your computer's browser up-to-date with all security patches applied. ITS uses Microsoft Forefront for spam and virus detection. In addition, there is an ITS service that can further reduce the amount of spam that you receive on your U-M email account.

  • Using the Do Not Spam List to Reduce Spam
    Rejects email from known sources of spam. This will reduce, but not eliminate, spam. Many spammers switch identities frequently, and therefore avoid being listed as a known spam source. (Available to all U-M community.)

Still have questions?

View questions and answers from the U-M community about spam and phishing.