Phishing & Suspicious Email

What Is Phishing?

Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. They target universities. Phishing email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

U-M reduces malicious email for you, but some phishing emails still get through. Learn how to recognize phishing and other malicious email to protect yourself and the university.

How to Spot Phishes

• Check links before clicking. Check the full URL to see if it goes where you expect.
  • On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
  • On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
  • Check shortened URL destinations with these shortened URL Security tips.
• Check to see If the sender is forged. See How to Spot a Spoof.
• Is the content suspicious?
  • Check Scams & Fraud for common scams and scams reported at U-M.
  • Also check examples of recent phishes seen at U-M.
• Be careful where you enter your password. Learn what to look for to help spot fake U-M login pages that many scammers use in phishing. See Look before you log in.
• Pay attention to banners.
  • Google Mail at U-M Users. Google Mail at U-M flags messages that may be suspicious to help you identify potential problems. See Google Mail Banners Warn of Suspicious Email.
  • Michigan Medicine Outlook Users. Take note of an automated warning banner at the top of emails received from senders outside the university that contain links or attachments. The email banner urges extra caution with such messages.

Learn More About Phishing

• Don't Fall for Phish! Test your phish detection skills in this U-M phishing training.
• Look Before You Click. Beware of Phishing! Learn how to recognize and protect yourself from phishing attempts. 10-15 minute eLearning course; login with UMICH (Level-1) password required.
• Michigan Medicine Cyber Review in 2 – Phishing Tip Sheet. This tip sheet is intended to assist all Michigan Medicine staff in reporting and identifying phishing.
• Office Doc Dangers: Macros & Enabled Content Pose Risks. Learn what to watch out for in shared MS Office documents.
• Phishing Examples: What to Watch for. Includes screen shots of fraudulent and safe emails and webpages at U-M.
• Ransomware: Don't Pay the Ransom!
• Shared Document Emails Can Be Traps. Shared documents aren't always what they seem.
• U-M's spear phishing video

For additional quizzes, tips, and information from beyond the university, see Phishing & Suspicious Email: Recommended Resources.

Report Phishing

Google at U-M users can forward phishing email to [email protected]; include what Google calls the original message. Michigan Medicine Outlook/Exchange users can use a Report Phishing button. For details, see Report Phishing.

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

• Change your UMICH (Level-1) password and follow the instructions at What to Do if Your Account May Be Compromised.
• Carefully review any online account that became vulnerable as a result of responding to the message.