If you're questioning whether an email or webpage is fraudulent, remember these two points:
1. U-M Will Never Ask You to Validate Your Account or Provide Your Password in Email.
Compare examples of a fraudulent email and an email U-M actually sends to people
This Email Is a Fraud
Clues that indicate this email is fraudulent:
- It directs you to a non-UM website. Hover your mouse over the link to see the actual address you'll be directed to. In this case, the URL is clearly not a U-M webpage. Don't click the link if it looks wrong to you. (This screenshot is of a Google mailbox; in Google Mail, the URL appears in the lower left corner of the window. Different email programs may show the URL in different locations.)
- It asks you to validate your account or it will expire. U-M will never ask you to validate or verify your account. U-M email accounts only expire when you leave the university and are no longer eligible for them.
- The "From" address is fake. Even though the message above looks it came from a U-M address, it didn't. In this case, a quick check of the MCommunity Directory using Advanced Search to look for a group whose name exactly matches "service" reveals that no such group exists. Beware, though, because criminals can forge the "From" address.
This Email Is Safe
Clues that indicate this email is safe:
- It does not ask you to verify or validate anything.
- It does not ask you for your password.
- It directs you to your department or the ITS Service Center if you have questions or concerns.
When you are no longer affiliated with the university, you receive an email message letting you know that some of your U-M computing services will be discontinued in 30 days. (See the full text of the 3-day notice message.)
Sponsored affiliates lose access to computing services immediately when their U-M sponsorship expires. They may or may not receive an email notification, depending on whether their sponsoring department has requested it.
2. Before entering your UMICH password, make sure the URL of the webpage is correct.
Compare real and fake webpages
- The URL of the real U-M Weblogin page begins with https://weblogin.umich.edu/
- The rest of the URL varies depending on the particular U-M website you are logging in to.
This Webpage Is a Fraud
This looks like the Weblogin page, but the URL is wrong. It does not begin with https:// and there is no slash (/) after the umich.edu. Instead, there is .lib1.ir. This page is attempting to steal your password.
This Webpage Is Safe
The URL begins with https://weblogin.umich.edu/
The rest of the URL varies depending on the particular website you are logging in to. In this case, the "webdirectory" indicates a login to the MCommunity Directory.