NOTICE: Beware of malicious links in emails about orders or invoices

Thursday, August 17, 2017

We have seen a flurry of fraudulent emails at U-M in recent days with subject lines that include an invoice number or an order number and that appear to come from a U-M sender, often someone the recipient knows. If the recipient clicks the link in the message, a malicious file is downloaded. The recipient's contacts list may then be used as a source of senders for similar fraudulent email. We saw a similar flurry back in May (Beware of emails with links to orders or invoices).

  • Information Assurance (IA) is aware of the emails. We are blocking the websites that are hosting the malicious software downloads as we discover them.
  • As anti-virus software is updated to recognize the malicious downloads, it should discover and remove the download if message recipients clicked the fraudulent link.

To protect yourself from these and other fraudulent emails:

  • Do not click links to orders or invoices unless you are expecting them. Look carefully at all links in emails. If you aren't sure a link is legitimate and safe, don't click.
  • Check the phishing alerts on Safe Computing. IA staff members post phishing and other malicious emails reported to them by members of the U-M community. Check to see if the email you received is posted there.
  • Hover over links in emails with your mouse to see the actual destination. Most email programs show the URL in the bottom left corner of the window when you hover over a link. Check whether the URL matches the link in message text. If the message claims to be about the university, look to see if the URL looks like other university URLs you are familiar with.
  • If the URL doesn't look right, don't click it! The URL in the recent emails, for example, is clearly not a U-M web address.
  • Double check. If you are suspicious of a link or attachment, don't click. Check with the sender by phone or in person to see if they actually sent the message.
  • Learn more about fraudulent emails at Phishing & Suspicious Email.