Phishing Alert: Unauthorized Login Attempt

Some U-M community members reported receiving this email. It is fraudulent or malicious. Do not respond, click any link in it, or provide personal information or money. See Phishing & Scams for more tips. If you need help, contact the ITS Service Center.

Date Sent: 
Tuesday, March 8, 2022

Phishing Email Summary

This phishing email attempts to trick the recipient by claiming that there have been unauthorized attempts to log in to their email account. It threatens disabling of the account if action is not taken, and it also impersonates a U-M account by using the signature "University of Michigan Administrator." Links in this phish direct the recipient to a fake U-M weblogin page. The page uses stolen graphics and design elements in order to look very similar to the real weblogin page.

The best way to spot this phish as a fake is to check the URL of the fake weblogin page it directs to. Sending addresses and graphics can be faked or stolen, so examining the URL is the best way to avoid this trap. The real weblogin page is: https://weblogin.umich.edu/ . If you have already authenticated, going to https://weblogin.umich.edu/ should redirect you to Wolverine Access.

Phishing Email Text

Dear umich.edu mail user,
We've noticed an unauthorized login attempt to your mailbox. and your email account will be temporarily disabled by the System Mail administrator
  CLICK HERE  To validate your account being disabled.

Thanks for helping us protect you.
University of Michigan Administrator

Phishing Email or Site Screenshot: 
Image of a fake web login page. The page has stolen graphics to make it look like the real thing. You can tell it is a fake by looking at the URL of the page which does not match the real U-M site. The real web login page is: https://weblogin.umich.edu/ .