How to Protect Yourself
- Watch for fake or spoofed QR codes. In this case the scammer uses a QR code that pretends to be sent from the University of Michigan, but takes you to a phishing site hosted by a free web hosting platform. Learn how to Spot Phishing & Scams.
- Inspect the URL of the QR code. View the URL before you open it. The QR reader on your phone decodes the QR code and shows you the URL. If it looks like a URL you recognize, make sure it’s not spoofed: look for misspellings or a switched letter.
- Don’t fall for pressure. Scammers often ask you to take action urgently. It’s a trick to get you to act without looking carefully. The scammer’s goal is to steal your login credentials or personal information, or to get you to download malicious software, and to gain access to your accounts, such as banking.
- Do not enter login credentials without verifying that the site is legitimate. Before entering your UMICH password on a web page, check that the page's web address/URL begins with https://weblogin.umich.edu/. Learn how to Look Before You Login.
- Report Phishing and other Email Abuse. ITS Information Assurance has a process for reporting suspicious, abusive, or scam email. Your reports help us to tailor technical responses and provide warnings and guidance to the U-M community.
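The URL checks from the list above (view the decoded URL, look for misspellings or a switched letter, confirm the login address) can also be scripted for a URL decoded from a QR code. This is an added example, not U-M code; the function names, verdict labels, typo threshold and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "weblogin.umich.edu"  # login host named in the list above


def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled or switched letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_url(url, max_typos=2):
    """Classify a URL decoded from a QR code; returns (verdict, reason)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "untrusted", "URL does not parse"
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "untrusted", "not https"
    if parts.username is not None:
        # In https://name@host/ the real host is what follows the '@'.
        return "lookalike", "text before '@' is not the host"
    if host == TRUSTED_HOST:
        return "ok", "exact login host"
    if TRUSTED_HOST in host or "umich" in host:
        return "lookalike", "U-M name embedded in another host"
    if edit_distance(host, TRUSTED_HOST) <= max_typos:
        return "lookalike", "host is a near-misspelling of the login host"
    return "untrusted", "unrelated host"


# Constructed sample URLs (hypothetical, not taken from the scam email).
SAMPLES = [
    "https://weblogin.umich.edu/",
    "https://weblogin.umich.edu.freehost.example/login",
    "https://weblogin.umcih.edu/",
    "https://weblogin.umich.edu@login.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```

Only the "ok" verdict means the address matches the login page; a "lookalike" result is worth including when you report the message.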
If you get caught or are concerned that you have given personal information to someone attempting to scam you:
- Change your UMICH password immediately.
- See our Identity Theft page if your personal information was compromised.
- See our Compromised Accounts page if you believe your U-M or other accounts have been compromised.
This email scam is one type of scam that uses QR codes. For more information about scams involving QR codes, see the following resources:
- Scammers hide harmful links in QR codes to steal your information (FTC.gov)
- AG Nessel Shares FBI Warning About Malicious QR Codes (michigan.gov)
Scam Email Text
{Note: For this phishing email, the text is an embedded image file that also includes a spoofed U-M logo and QR code.}
Due to recent security, This email is to confirm 2-factor authentication for all University of Michigan email recipients. You’re hereby required to complete exercise with the mobile number you want your 2-Factor Authentication set to.
Scan QR Code to complete authentication.
{QR code}