Phishing & Suspicious Email

What Is Phishing?

Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. Phishing email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

Learn to Spot Phishes

Quick Tip: Check Links Before Clicking

Check the full URL to see if it goes where you expect.

  • On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
  • On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.

Pay Attention to Banners

  • Google Mail Users. Google Mail at U-M flags messages that may be suspicious to help you identify potential problems. See Google Mail Banners Warn of Suspicious Email.
  • Michigan Medicine Outlook Users. Take note of an automated warning banner at the top of emails received from senders outside the university that contain links or attachments. The email banner urges extra caution with such messages.

Phishing Clues You Can Use

For additional quizes, tips, and information from beyond the university, see Phishing & Suspicious Email: Recommended Resources.

Where to Report Phish

Phish at U-M

You can report suspicious emails you receive at your university email account (U-M Google or Michigan Medicine Outlook) to the university.

For phishes that appear to impersonate a U-M address or service, send the entire message—with full email headers if possible—to If you use U-M Google Mail, you can also report the phish to Google by using the report phishing option.

Note to U-M Google Mail users: If your message is rejected when you try report spam or phishing to, please try the following:

  1. In the message you would like to report, click the down arrow next to the Reply arrow and select Show original.
  2. In the Original Message screen, click Download Original to download the page as a .txt file.
  3. Compose a new message, attach the file you downloaded, and send the new message and attachment to

Other Phish

If you receive a phish impersonating a bank, retailer, or other institution, please consider contacting them to let them know. 

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

Recent Phishing Alerts