Phishing & Suspicious Email

What Is Phishing?

Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. They target universities. Phishing email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

U-M reduces malicious email for you, but some phishing emails still get through. Learn how to recognize phishing and other malicious email to protect yourself and the university.

How to Spot Phishes

  • Check links before clicking. Check the full URL to see if it goes where you expect.
    • On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
    • On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
    • Check shortened URL destinations with these shortened URL Security tips.
  • Check to see If the sender is forged. See How to Spot a Spoof.
  • Is the content suspicious?
  • Be careful where you enter your password. Learn what to look for to help spot fake U-M login pages that many scammers use in phishing. See Look before you log in.
  • Pay attention to banners.
    • Google Mail at U-M Users. Google Mail at U-M flags messages that may be suspicious to help you identify potential problems. See Google Mail Banners Warn of Suspicious Email.
    • Michigan Medicine Outlook Users. Take note of an automated warning banner at the top of emails received from senders outside the university that contain links or attachments. The email banner urges extra caution with such messages.

Learn More About Phishing

For additional quizzes, tips, and information from beyond the university, see Phishing & Suspicious Email: Recommended Resources.

Report Phishing

Google at U-M users can forward phishing email to ReportPhish@umich.edu; include what Google calls the original message. Michigan Medicine Outlook/Exchange users can use a Report Phishing button. For details, see Report Phishing.

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

Recent Phishing Alerts