Spear Phishing

Criminals are Targeting You and the U

Criminals are targeting you and all members of the U-M community with phishing schemes to trick you into revealing your personal information and UMICH password.

What's at Risk?

  • Access to your U-M accounts and university records
  • Private personal information
  • Valuable research data
  • Sensitive university data

What is Phishing?

  • A technique criminals use to try to trick you out of information.
  • Criminals send you email directing you to websites that ask for your password as verification of some sort.
  • They disguise themselves as something or someone you trust—a bank or a computing help desk.
  • They threaten to cut off your access unless you give them your password.
  • Often you can tell that phishing emails and websites are suspicious because of misspelled words, bad grammar, and other clues.

What is Spear Phishing?

  • A more targeted version of phishing.
  • Universities, including U-M are targeted.
  • Criminals disguise their messages and websites to look like official U-M messages and websites.
  • They target members of the U-M community.
  • It's harder to recognize that the emails and websites are the work of criminals because they closely mimic the look of legitimate emails and websites.

Learn to Recognize Phrases that Sound Phishy

Criminals urge you to act quickly, so you don't have time to think. They say things like this:

  • Validate, verify, update your account!
  • Your email is full!
  • Your account will be deleted!

Learn to Recognize Phishy Links

  • Use your mouse to hover over the link in the email message to see the actual URL you are being directed to.
  • Look at the URL (the web address). The real weblogin URL is https://weblogin.umich.edu
  • Note the https at the beginning. The "s" is used for secure connections.
  • Note the entire URL. Criminals may use pieces of that URL, but not the exact thing.

If You Aren't Sure, Check with the Experts

Key Points to Remember

  • Use caution with emails asking you for personal information.
  • Be suspicious of any request for personal information.
  • Verify that the request is legitimate before you provide any information.
  • Do not send personal information via email.