If you're questioning whether an email or webpage is fraudulent, remember these two points:
1. U-M Will Never Ask You to Validate Your Account or Provide Your Password in Email.
Compare examples of a fraudulent email and an email U-M actually sends to people
This Email Is a Fraud
Clues that indicate this email is fraudulent:
- It directs you to a non-U-M website. Hover your mouse over the link to see the actual address you'll be directed to. In this case, the URL is clearly not a U-M webpage. Don't click the link if it looks wrong to you. (This screenshot is of a Google mailbox; in Google Mail, the URL appears in the lower left corner of the window. Different email programs may show the URL in different locations.)
- It asks you to validate your account or it will expire. U-M will never ask you to validate or verify your account. U-M email accounts only expire when you leave the university and are no longer eligible for them.
- The "From" address is fake. Even though the message above looks like it came from a U-M address, it didn't. In this case, a quick check of the MCommunity Directory using Advanced Search to look for a group whose name exactly matches "service" reveals that no such group exists. Beware, though, because criminals can forge the "From" address.

This Email Is Safe
Clues that indicate this email is safe:
- It does not ask you to verify or validate anything.
- It does not ask you for your password.
- It directs you to your department or the ITS Service Center if you have questions or concerns.

When you are no longer affiliated with the university, you receive an email message letting you know that some of your U-M computing services will be discontinued in 30 days. (See the full text of the 3-day notice message.)
Sponsored affiliates lose access to computing services immediately when their U-M sponsorship expires. They may or may not receive an email notification, depending on whether their sponsoring department has requested it.
2. Before entering your UMICH password, make sure the URL of the webpage is correct.
Compare real and fake webpages
- The URL of the real U-M Weblogin page begins with https://weblogin.umich.edu/
- The rest of the URL varies depending on the particular U-M website you are logging in to.
This Webpage Is a Fraud
This looks like the Weblogin page, but the URL is wrong. It does not begin with https:// and there is no slash (/) after the umich.edu. Instead, there is .lib1.ir. This page is attempting to steal your password.

This Webpage Is Safe
The URL begins with https://weblogin.umich.edu/
The rest of the URL varies depending on the particular website you are logging in to. In this case, the "webdirectory" indicates a login to the MCommunity Directory.
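The same comparison can be automated, for example in a mail filter or a help desk script. The following is an added example, not U-M code: it sets a weak check that only looks for the familiar name next to a strict check of the scheme and the exact host. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

WEBLOGIN_HOST = "weblogin.umich.edu"  # host of the real Weblogin page, per the text above


def naive_check(url):
    """Weak check: only looks for the familiar name somewhere in the URL."""
    return WEBLOGIN_HOST in url


def weblogin_url_problems(url):
    """Return the reasons a URL is not the real Weblogin page (empty list = OK)."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port  # hostname comes back lowercased
    except ValueError:
        return ["URL cannot be parsed"]
    problems = []
    if parts.scheme != "https":
        problems.append("does not begin with https://")
    if parts.username is not None or port is not None:
        problems.append("extra text between https:// and the first slash")
    if host != WEBLOGIN_HOST:
        if host and host.startswith(WEBLOGIN_HOST + "."):
            # The name is there, but the host keeps going where the slash should be.
            extra = host[len(WEBLOGIN_HOST):]
            problems.append(f"host continues with {extra} instead of a slash")
        else:
            problems.append(f"host is {host!r}, not {WEBLOGIN_HOST}")
    return problems


# Constructed sample URLs; the paths are made up for illustration.
SAMPLES = [
    "https://weblogin.umich.edu/webdirectory",
    "http://weblogin.umich.edu.lib1.ir/login",
    "https://weblogin.umich.edu.lib1.ir/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        problems = weblogin_url_problems(url)
        print(url, "| naive:", naive_check(url), "| strict:", problems or "OK")
```

The weak check accepts all three samples; the strict check accepts only the first, because it compares the whole host name rather than searching for a familiar piece of it.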

Still Have Doubts?
If you aren't sure, check the recent phishing alerts or contact the ITS Service Center.