Scams that Steal Your Login | safecomputing.umich.edu

What is a Login Theft Scam?

Threat actors create sophisticated scams to steal your U-M login credentials. They use false pretenses, such as a party invitation or a request to review a document.

Dropbox important payroll document requiring immediate attention has been securely shared with you via Dropbox. Open file button.

How it Works

Scammers send you an email directing you to enter your uniqname, password, and phone number on a webpage or in a form. They use the information to initiate U-M single sign-on, then ask you to send them the multi-factor authentication passcode so they can complete the authentication process and gain access to your account.

With this access, scammers can:

Redirect your paycheck deposit
Redirect financial aid payments
Apply for emergency hardship loans in your name
Gain entry to sensitive U-M systems and data
Use your U-M account to carry out further scams, and more.

What to Watch Out For

Beware of suspicious emails designed to lure you into providing personal information under false pretenses.
Messages or forms may be designed to look like they are from U-M, familiar services such as Dropbox, or evite vendors such as Paperless Post.
Red flags that it’s a phishing attempt:
- A login page or login form asking for your phone number.
- If you are asked for your email address and password a second time to confirm.

How to Protect You and U-M

Only enter your uniqname and U-M password on the official U-M single sign-on screen (https://okta.umich.edu/) or UM-managed Microsoft Office 365.
Do not enter multi-factor authentication passcodes into any forms other than the official U-M single sign-on screen.
Do not share multi-factor authentication verification codes, passcodes, or accept multi-factor push notifications unless they are initiated by you, or requested by the ITS Service Center to verify your identity when you call for support.
Pay attention to warnings: Google forms warn you to never enter login information into a Google form.
Report phishing and email abuse. Send the full message with headers to [email protected].

If You Get Caught

If you shared your login information under suspicious circumstances, your account has likely been compromised.

Change your UMICH password immediately and follow the instructions at What to Do if Your Account is Compromised.
Report the incident to the ITS Service Center.
Carefully review the activity on any account that became vulnerable as a result of responding to the scam.

Scam Examples

Sponsored link in search results for Wolverine Access may lead to phishing – login theft and direct deposit redirect

You’re Invited!

Urgent: Payroll Document Ready for Review